
FSER Chapter 13 - Conduct of Operations
Person / Time
Site: NuScale
Issue date: 08/28/2020
From: Prosanta Chowdhury
Office of Nuclear Reactor Regulation
Chowdhury P
Download: ML20204B026 (47)


CONDUCT OF OPERATIONS

This chapter of the final safety evaluation report (FSER) documents the U.S. Nuclear Regulatory Commission (NRC) staff's (hereinafter referred to as the staff) review of Chapter 13, Conduct of Operations, of the NuScale Power, LLC (hereinafter referred to as the applicant), Design Certification Application (DCA), Part 2, Final Safety Analysis Report. The staff's regulatory findings documented in this report are based on Revision 5 of the DCA, dated July 29, 2020 (Agencywide Document Access and Management System (ADAMS), Accession No. ML20225A071). The precise parameter values, as reviewed by the staff in this safety evaluation, are provided by the applicant in the DCA using the English system of measure.

Where appropriate, the NRC staff converted these values for presentation in this safety evaluation to the International System (SI) units of measure based on the NRC's standard convention. In these cases, the SI converted value is approximate and is presented first, followed by the applicant-provided parameter value in English units within parentheses. If only one value appears in either SI or English units, it is directly quoted from the DCA and not converted.

Organizational Structure

Introduction

A combined license (COL) applicant's organizational structure includes the corporate-level management and technical support organization and the onsite operating organization. The management and technical support organization includes the corporate or home office offsite organization; associated functions, activities, and responsibilities; and the approximate number and qualifications of offsite personnel necessary to ensure that sufficient technical resources have been, are being, and will continue to be provided to accomplish the safe design, construction, testing, and operation of the nuclear plant. The onsite operating organization includes the structure, functions, activities, responsibilities, and approximate number and qualifications of onsite personnel necessary to safely operate and maintain the facility.

The staff reviewed the DCA to evaluate the COL information items that pertain to (1) COL applicant descriptions of the corporate-level management and technical support organization and (2) COL applicant descriptions of the onsite operating organization.

Summary of Application

DCA Part 2 Tier 1: There is no Tier 1 information associated with this section.

DCA Part 2 Tier 2: The plans for a corporate-level, technical, and onsite organizational structure to support, design, construct, test, operate, and maintain the nuclear plant are not within the scope of the NuScale DCA. This responsibility resides with the COL applicant. In DCA Part 2 Tier 2, Section 13.1, Organizational Structure, the applicant specified COL information items for the COL applicant to describe the corporate-level management and technical support organization and the onsite operating organization.

ITAAC: The applicant has not proposed any inspections, tests, analyses, and acceptance criteria (ITAAC) related to this area of review.

Technical Specifications: There are no technical specifications (TS) for this area of review.

Technical Reports: There are no technical reports (TRs) associated with this area of review.

Regulatory Basis

Section 13.1.1, Management and Technical Support Organization, and Section 13.1.2-13.1.3, Operating Organization, of NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition (SRP), identify, in part, the relevant NRC regulatory requirements for organizational structure and the associated acceptance criteria.

The applicable regulatory requirements for the organizational structure are as follows:

Title 10 of the Code of Federal Regulations (10 CFR) 50.34(f)(3)(vii), as it pertains to requirements related to lessons learned from the accident at Three Mile Island (TMI) for the applicant to describe the management plan for design and construction activities of the proposed plant

10 CFR 50.40(b), which requires the COL applicant to be technically qualified to engage in activities associated with the design, construction, and operation of a nuclear power plant

10 CFR 50.48(a)(1)(ii), as it pertains to information that must be included in the fire protection plan of the holder of a COL under 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants, specifically, the identification of the various positions within the licensee's organization that are responsible for the program

10 CFR 50.54(i), (j), (k), (l), and (m), as they pertain to the organizational staffing requirements for, and responsibilities of, operators and senior operators licensed under 10 CFR Part 55, Operators' Licenses

10 CFR Part 50, Domestic Licensing of Production and Utilization Facilities, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, as it pertains to organizational responsibilities for the establishment and execution of the quality assurance program

10 CFR 52.79(a)(26)-(28) and (29)(i), as they pertain to information that must be included in the final safety analysis report (FSAR) that is submitted as part of the application for a COL, specifically, the following:

(1) the applicant's organizational structure, allocations or responsibilities and authorities, and personnel qualifications requirements for operation

(2) managerial and administrative controls to be used to assure safe operation as established in 10 CFR Part 50, Appendix B

(3) plans for preoperational testing and initial operations

(4) plans for the conduct of normal operations

The related acceptance criteria are as follows:

Section III, Acceptance Criteria, of SRP Section 13.1.1, Revision 6, issued August 2016

Section III of SRP Section 13.1.2-13.1.3, Revision 7, issued August 2016

Review Criterion 6.4(2) in Section 6, Staffing and Qualifications, of NUREG-0711, Human Factors Engineering Program Review Model, Revision 3, issued November 2012

NUREG-1791, Guidance for Assessing Exemption Requests from the Nuclear Power Plant Licensed Operator Staffing Requirements Specified in 10 CFR 50.54(m), issued July 2005

NUREG/CR-6838, Technical Basis for Regulatory Guidance for Assessing Exemption Requests from the Nuclear Power Plant Licensed Operator Staffing Requirements Specified in 10 CFR 50.54(m), issued February 2004

Technical Evaluation

The COL applicant is responsible for describing the corporate-level management and technical support organization and the onsite operating organization. This section presents the staff's evaluation of the COL information items that pertain to the COL applicant's organizational structures.

Combined License Information Items

The NRC regulations require a COL applicant that references the NuScale certified design to address the site-specific information described in the COL information items at the COL stage.

Management and Technical Support Organization

SRP Section 13.1.1 states that for the management and technical support organization, the COL applicant's safety analysis report (SAR) should do the following:

Describe the qualification requirements for each identified position or class of positions that provide technical support to the onsite operating organization.

Specify the qualification requirements for individuals holding management and supervisory positions in organizational units that provide support to the onsite operating organization.

In DCA Part 2 Tier 2, Section 13.1.1, Management and Technical Support Organization, the applicant specified COL Item 13.1-1, which directs the COL applicant to describe the corporate-level or home office management and technical support organization and specify the necessary qualification requirements for positions within the management and technical support organization that provide technical support to the onsite operating organization. The staff finds that COL Item 13.1-1 appropriately addresses the information that the COL applicant should provide for corporate-level management and technical support organizations.

Operating Organization

SRP Section 13.1.2-13.1.3 states that the COL applicant's SAR should describe (1) the structure, functions, and responsibilities of the onsite operating organization established to operate and maintain the plant and (2) any alternatives to the requirements involving the number of licensed personnel, as specified in 10 CFR 50.54(m). Consistent with the SRP, in DCA Part 2 Tier 2, Section 13.1.2, Operating Organization, COL Item 13.1-2 directs the COL applicant to describe the onsite operating organization, including the structure, functions, and responsibilities. In addition, COL Item 13.1-2 specifies that the proposed operating staff shall be consistent with the minimum licensed operator staffing requirements in DCA Part 2 Tier 2, Section 18.5, Staffing and Qualification. In DCA Part 2 Tier 2, Section 18.5, the applicant described a staffing level and qualifications analysis that is an alternative to the requirements of 10 CFR 50.54(m). Within the context of the DCA Part 2 Tier 2, Chapter 13, review, the staff concludes that it is acceptable for the COL item to reference the discussion in DCA Part 2 Tier 2, Section 18.5. Accordingly, the staff determined that COL Item 13.1-2 appropriately identifies information the COL applicant needs to provide for the onsite operating organization. FSER Chapter 18, Human Factors Engineering, describes the staff's evaluation of the staffing and qualification element of the NuScale human factors engineering program.

SRP Section 13.1.2-13.1.3 states that the COL applicant's SAR should describe the education, training, and experience requirements (qualification requirements) that the applicant established to fill each management, operating, technical, and maintenance position category in the operating organization. In DCA Part 2 Tier 2, Section 13.1.3, Qualifications of Nuclear Plant Personnel, COL Item 13.1-3 directs the COL applicant to describe the qualification requirements for each of the identified position categories for the operating organization.

Accordingly, the staff determined that COL Item 13.1-3 appropriately identifies information the COL applicant needs to provide regarding the qualification requirements for the operating organization.

Combined License Information Items

Table 13.1-1 below lists COL information items related to the organizational structure from DCA Part 2 Tier 2, Table 1.8-2, Combined License Information Items.

Table 13.1-1 NuScale COL Information Items Related to DCA Part 2 Tier 2, Section 13.1

Item No. | Description | DCA Part 2 Tier 2 Section
COL Item 13.1-1 | A COL applicant that references the NuScale Power Plant design certification will provide a description of the corporate or home office management and technical support organization, including a description of the qualification requirements for (1) each identified position or class of positions that provide technical support to the onsite operating organization, and (2) individuals holding management and supervisory positions in organizational units providing technical support to the onsite operating organization. | 13.1.1
COL Item 13.1-2 | A COL applicant that references the NuScale Power Plant design certification will provide a description of the proposed structure, functions, and responsibilities of the onsite organization necessary to operate and maintain the plant. The proposed operating staff shall be consistent with the minimum licensed operator staffing requirements in Section 18.5. | 13.1.2
COL Item 13.1-3 | A COL applicant that references the NuScale Power Plant design certification will provide a description of the qualification requirements for each management, operating, technical, and maintenance position described in the operating organization. | 13.1.3

Conclusion

For the reasons given above, the staff concludes that the COL information items specified in Table 13.1-1 and included in DCA Part 2 Tier 2, are sufficient to identify information that the COL applicant needs to provide to meet the applicable requirements of 10 CFR 50.34(f)(3)(vii); 10 CFR 50.40(b); 10 CFR 50.48(a)(1)(ii); 10 CFR 50.54(i), (j), (k), and (l); 10 CFR Part 50, Appendix B; 10 CFR 52.79(a)(26)-(28), and (29)(i); and the NuScale-specific minimum licensed operator staffing requirements in lieu of 10 CFR 50.54(m).

Training

Introduction

A COL applicant's training program should include (1) the initial license training program for reactor operators and senior reactor operators, (2) the licensed operator requalification program, and (3) the nonlicensed plant staff training program, which consists of initial training, periodic retraining, and qualifications for nonlicensed operators, shift supervisors, shift technical advisors, instrumentation and control technicians, electrical maintenance personnel, mechanical maintenance personnel, radiological protection technicians, chemistry technicians, and engineering support personnel.

The staff reviewed the DCA to evaluate the COL information items that pertain to the COL applicant's description of and schedule for (1) the licensed operator training program for reactor operators and senior reactor operators, including the licensed operator requalification program, and (2) the training program for the nonlicensed plant staff.

Summary of Application

DCA Part 2 Tier 1: There is no Tier 1 information associated with this section.

DCA Part 2 Tier 2: The development of site-specific training programs is not within the scope of the NuScale DCA. This responsibility resides with the COL applicant. In DCA Part 2 Tier 2, Section 13.2, Training, the applicant specified two COL information items that direct the COL applicant to describe the initial license training program, the licensed operator requalification program, and the nonlicensed plant staff training program and to provide schedules for these programs.

ITAAC: The applicant has not proposed any ITAAC related to this area of review.

Technical Specifications: There are no TS for this area of review.

Technical Reports: There are no TRs associated with this area of review.

Regulatory Basis

SRP Section 13.2.1, Reactor Operator Requalification Program; Reactor Operator Training, and SRP Section 13.2.2, Non-Licensed Plant Staff Training, identify, in part, the relevant NRC regulatory requirements for training and the associated acceptance criteria.

The applicable regulatory requirements for training are as follows:

10 CFR 19.12, Instruction to workers, as it pertains to instructions provided to workers regarding protection of personnel from exposure to radiation or radioactive material

10 CFR 26.29, Training, as it pertains to employee training associated with the fitness-for-duty program

10 CFR 50.34(f)(2)(ii), as it pertains to the TMI-related requirement for applicants to establish a program to begin during construction and to follow into operation for assessing and improving plant procedures applicable to operator training

10 CFR 50.40(a) and (b), as they pertain to the issuance of a COL under 10 CFR Part 52 based on considerations of whether the applicant (1) is technically qualified to engage in activities associated with the design, construction, and operation of a nuclear power plant and (2) has established the licensed and nonlicensed plant staff training programs necessary to provide reasonable assurance that the nuclear power plant can be safely operated

10 CFR 50.54(i-1), as it pertains to requirements for the establishment of a licensed operator requalification training program within 3 months after the date that the Commission makes the finding under 10 CFR 52.103(g) that the acceptance criteria in the COL are met

10 CFR 50.120(b)(1)-(3), as they pertain to requirements for the establishment, implementation, and maintenance of training programs derived from a systems approach to training as defined in 10 CFR 55.4, Definitions, for specific categories of nuclear power plant personnel

10 CFR Part 50, Appendix B, as it pertains to the training and technical qualifications of personnel who perform activities that affect the quality of structures, systems, and components (SSCs) that are covered by the quality assurance program

10 CFR Part 50, Appendix E, Emergency Planning and Preparedness for Production and Utilization Facilities, as it pertains to the requirements for emergency preparedness training of employees and other persons whose assistance may be needed in the event of a radiological emergency (e.g., local emergency services and law enforcement personnel), including participation in drill and exercise scenarios to provide performance opportunities to develop, maintain, and demonstrate key skills

10 CFR 52.79(a)(26)-(28) and (29)(i), as they pertain to information to be included in the COL FSAR, specifically, the following:

(1) the qualification requirements of licensed and nonlicensed plant personnel to engage in activities associated with operation of the nuclear power plant

(2) the controls associated with the training of personnel who perform activities that affect the quality of SSCs that are covered by the quality assurance program as established in 10 CFR Part 50, Appendix B

(3) plans for licensing personnel and training nonlicensed plant staff before criticality to support preoperational testing activities and initial operations

(4) plans for licensed and nonlicensed plant staff to receive the technical and administrative training required to operate, test, and maintain the nuclear power plant during the conduct of normal operations

10 CFR 52.79(a)(14), (21), (33), (34), (36), (39), (40) and (44), as they pertain to information that must be included in the FSAR that an applicant submits as part of the application for a COL, specifically, descriptions of (1) licensed operator training required by 10 CFR Part 55, (2) training required by 10 CFR 50.120, Training and qualification of nuclear power plant personnel, for specific categories of nuclear power plant personnel, and (3) nonlicensed plant staff training associated with security procedures, radiological emergency plans, radiation protection, fire protection, and fitness for duty

10 CFR 55.4, as it pertains to Commission-approved training programs that are based on a systems approach to training

10 CFR 55.31(a)(4)-(5), as they pertain to the documentation requirements associated with successful completion by an applicant for an operator license of a facility licensee's training program, when the facility licensee requests administration of the licensing exam (i.e., written examination and operating test)

10 CFR 55.41, Written examination: Operators, as it pertains to requirements associated with the content and makeup of the NRC's written examination for operators

10 CFR 55.43, Written examination: Senior operators, as it pertains to requirements associated with the content and makeup of the NRC's written examination for senior operators

10 CFR 55.45, Operating tests, as it pertains to requirements associated with (1) the content and makeup of the NRC's operating test for operators and senior operators and (2) the use of a Commission-approved simulation facility, a plant-referenced simulator, or the physical plant for administration of the operating test

10 CFR 55.46, Simulation Facilities, as it pertains to requirements for the use of simulation facilities in the administration of the NRC operating test

10 CFR 55.59, Requalification, as it pertains to requirements associated with licensed operator requalification training programs

The related acceptance criteria are as follows:

Section III of SRP Section 13.2.1, Revision 4, issued August 2016

Section III of SRP Section 13.2.2, Revision 4, issued August 2016

Regulatory Guide (RG) 1.8, Qualification and Training of Personnel for Nuclear Power Plants, Revision 3, issued May 2000

RG 1.149, Nuclear Power Plant Simulation Facilities for Use in Operator Training and License Examinations, Revision 4, issued April 2011

NUREG-0711, Revision 3

NUREG-1021, Operator Licensing Examination Standards for Power Reactors, Revision 11, issued February 2017

NUREG-1220, Training Review Criteria and Procedures, Revision 1, issued January 1993

Technical Evaluation

The COL applicant is responsible for the development of site-specific training programs. This section presents an evaluation of the COL information items that pertain to training programs for licensed and nonlicensed plant staff.

Combined License Information Items

The NRC regulations require the COL applicant that references the NuScale certified design to address the site-specific information described in COL information items at the COL stage.

Licensed and Nonlicensed Plant Staff Training Programs

SRP Section 13.2.1 states that the COL applicant should provide the description and scheduling of the licensed operator training program for reactor operators and senior reactor operators, including the licensed operator requalification program. SRP Section 13.2.2 states that the COL applicant's nonlicensed plant staff training program should include the initial training, periodic retraining, and qualification that are required for nonlicensed plant staff. The staff reviewed DCA Part 2 Tier 2, Section 13.2, COL Item 13.2-1, and found that it specifies the appropriate and necessary information for licensed plant staff. The staff reviewed DCA Part 2 Tier 2, Section 13.2, COL Item 13.2-2, and found that it specifies the appropriate and necessary information for nonlicensed plant staff training programs. The staff also verified that DCA Part 2 Tier 2, adequately incorporates the COL information items presented in Table 13.2-1.

Combined License Information Items

Table 13.2-1 below lists COL information item numbers and descriptions related to training from DCA Part 2 Tier 2, Table 1.8-2.

Table 13.2-1 NuScale COL Information Items Related to DCA Part 2 Tier 2, Section 13.2

Item No. | Description | DCA Part 2 Tier 2 Section
COL Item 13.2-1 | A COL applicant that references the NuScale Power Plant design certification will provide a description and schedule of the initial training and qualification as well as requalification programs for reactor operators and senior reactor operators. | 13.2
COL Item 13.2-2 | A COL applicant that references the NuScale Power Plant design certification will provide a description and schedule of the non-licensed plant staff training programs, including initial training, periodic retraining, and qualification requirements. | 13.2

Conclusion

For the reasons given above, the staff concludes that the COL information items specified in Table 13.2-1 of this report and included in DCA Part 2 Tier 2, are sufficient to identify information the COL applicant needs to provide to meet the applicable requirements of 10 CFR 19.12; 10 CFR 26.29; 10 CFR 50.34; 10 CFR 50.40; 10 CFR 50.54; 10 CFR 50.120; 10 CFR Part 50, Appendix B; 10 CFR Part 50, Appendix E; 10 CFR 52.79; and 10 CFR Part 55.

Emergency Planning

Introduction

The NRC staff conducts its review of emergency planning (EP) in the DCA in accordance with the requirements in 10 CFR 52.47 and 10 CFR 52.48, Standards for Review of Applications.

The review addresses those design features, facilities, functions, and equipment that are technically relevant to the design, that are not site specific, and that affect some aspect of EP or the capability of a licensee to cope with plant emergencies. In addition, the review addresses design facilities such as a habitable technical support center (TSC) with adequate space, data retrieval capabilities, and dedicated communications equipment and an operational support center (OSC) with adequate communications. There is no minimum level of design-related EP that an application must address. The applicant may choose the extent to which the application includes EP features to be reviewed as part of the design certification.

The NRC staff conducted the review of design information and COL information items (designated as COL items) related to EP and documented the results in this section of Chapter 13. The COL items are listed in Section 13.3.5 of this report.

Summary of Application

The sections below summarize the information submitted in NuScale DCA Part 2 Tier 1 and Tier


DCA Part 2 Tier 1: DCA Part 2 Tier 1, Section 3.2, Normal Control Room Heating Ventilation and Air Conditioning System, describes the normal control room heating, ventilation, and air conditioning system, which is also referred to as the control room ventilation system (CRVS).

The CRVS serves the entire control building (CRB), which includes the TSC, and the access tunnel between the CRB and the reactor building. The CRVS is not related to safety. DCA Part 2 Tier 1, Table 3.2-2, Normal Control Room Heating Ventilation and Air Conditioning Inspections, Tests, Analyses, and Acceptance Criteria, includes the ITAAC associated with the CRVS. FSER Section 14.3 evaluates these ITAAC.

DCA Part 2 Tier 2: In DCA Part 2 Tier 2, Section 13.3, Emergency Planning, the applicant stated that the NuScale design includes [d]esign features, facilities, and equipment that are usable for up to 12 NuScale Power Modules to support emergency response functions. DCA Part 2 Tier 2, Section 13.3, describes that the TSC is located on the 30.48-meter (100-foot) elevation of the CRB. Additionally, the TSC design ensures that TSC personnel are protected from radiological hazards during accident conditions (i.e., radiation dose is limited to 5 roentgen equivalent man (rem) total effective dose equivalent (TEDE) for the duration of the accident).

In the event of a loss of CRVS or if the TSC becomes otherwise uninhabitable, personnel are evacuated and the TSC functions are transferred to an alternate location. Although EP is, for the most part, the responsibility of the COL applicant, the design bases for the standard plant include design features, facilities, functions, and equipment necessary for EP. The COL applicant is responsible for the interfaces of these features with site-specific parameters. In DCA Part 2 Tier 2, Section 13.3, the applicant stated that, [i]n the event of a loss of ventilation, or if the TSC becomes otherwise uninhabitable, personnel are evacuated and the TSC functions are transferred to a location designated by the emergency plan (COL Item 13.3-3).

The design bases for the standard plant include the following EP features:

TSC

A TSC is an onsite facility that provides plant management and technical support to the plant operations personnel during emergency conditions.

emergency response data system (ERDS)

An ERDS is a direct near-real-time electronic data transmission system linked to the NRC Headquarters Operations Center that provides plant parameters from the onsite computer system. It allows the NRC to assess plant conditions and provide advice and support to the licensee and to Federal, State, and local authorities.

OSC

An Operations Support Center (OSC) is a facility for emergency maintenance and other support personnel to gather as a ready resource to support actions initiated by the control room during an emergency. The applicant has identified COL Item 13.3-1, which directs the COL applicant to describe the onsite OSC.

emergency operations facility (EOF)

An EOF is a support facility for the management of overall licensee emergency response (including coordination with Federal, State, and local officials), coordination of radiological and environmental assessments, and determination of recommended public protective actions. The applicant has identified COL Item 13.3-2, which directs the COL applicant to describe the site-specific EOF.

TSC engineering workstations

The TSC engineering workstations are part of the module control system and plant control system, which provide monitoring functionality to plant processes and equipment.

DCA Part 2 Tier 2, Section, Other Information Systems, further describes the TSC engineering workstations, and the corresponding FSER sections evaluate these workstations.

decontamination facilities

Decontamination facilities, located in the annex building, are provided to remove or reduce radioactive contaminants from plant equipment, protective clothing, and personnel. DCA Part 2 Tier 2, Section, Facility Layout General Design Considerations for Maintaining Radiation Exposures ALARA, includes more information on the decontamination facilities, and the corresponding FSER sections evaluate these facilities.

The following DCA Part 2 Tier 2, sections describe the design features with an interface to EP:

Section 2.3, Meteorology

Section 6.4, Control Room Habitability

Section, Other Information Systems

Section 9.3.2, Process Sampling System

Section 9.4.1, Control Room Area Ventilation System

Section 9.5.2, Communication System

Section, Facility Layout General Design Considerations for Maintaining Radiation Exposures ALARA

Section 12.3, Radiation Protection Design Features

Section 12.4, Dose Assessment

Section 12.5, Operational Radiation Protection Program

Section 15.0.3, Design Basis Accident Radiological Consequence Analyses for Advanced Light Water Reactors

Section 18.0, Human Factors Engineering

The respective FSER sections address the staff's evaluation of these additional DCA Part 2 sections.

ITAAC: The COL applicant will provide proposed ITAAC to support the facility's EP, as appropriate considering site-specific information (see COL Item 14.3-1).

Regulatory Basis

The following NRC regulations contain the relevant requirements for this review:

10 CFR 52.79(a)(21), which requires a COL application to include emergency plans complying with 10 CFR 50.47, Emergency plans, and 10 CFR Part 50, Appendix E; although a DCA is not required to provide this information, any EP-related information a design certification applicant requests to be certified to support a future COL application must comply with these COL regulations

10 CFR 50.47

10 CFR 100.1, Purpose; 10 CFR 100.3, Definitions; 10 CFR 100.20, Factors to be considered when evaluating sites; and 10 CFR 100.21(g), as they relate to EP and emergency preparedness

10 CFR Part 50, Appendix E, as it relates to EP and the ERDS

10 CFR 52.48, as it relates to EP information in 10 CFR 50.47 submitted in a standard DCA

10 CFR 52.47(b)(1), which requires that a DCA include the proposed ITAAC that are necessary and sufficient to provide reasonable assurance that, if the inspections, tests, and analyses are performed and the acceptance criteria met, a facility that incorporates the design certification has been constructed and will be operated in accordance with the design certification; the provisions of the Atomic Energy Act of 1954, as amended; and the NRC's rules and regulations

The following guidance documents provide criteria relevant to this review and are used to confirm that the above requirements have been adequately addressed:

SRP Section 13.3 lists the acceptance criteria that are adequate to meet the above requirements and the review interfaces with other SRP sections.

NUREG-0654, Criteria for Preparation and Evaluation of Radiological Emergency Response Plans and Preparedness in Support of Nuclear Power Plants, issued November 1980, contains specific acceptance criteria that the NRC has determined provide an acceptable means of complying with the standards in 10 CFR 50.47.

NUREG-0696, Functional Criteria for Emergency Response Facilities, issued February 1981, describes the facilities and systems that nuclear power plant licensees will use to improve responses to emergencies.

NUREG-0737, Clarification of TMI Action Plan Requirements, Supplement 1, Requirements for Emergency Response Capability, issued January 1983, describes post-TMI requirements for emergency response capabilities that have been approved for implementation.

The NRC Office of Nuclear Security and Incident Response (NSIR), Division of Preparedness and Response (DPR), interim staff guidance (ISG) document, NSIR/DPR-ISG-01, Interim Staff Guidance - Emergency Planning for Nuclear Power Plants, issued November 2011, provides updated guidance for addressing EP requirements for nuclear power plants based on changes to emergency preparedness regulations in 10 CFR 50.47 and 10 CFR Part 50, Appendix E, that the NRC published on November 23, 2011 (Volume 76 of the Federal Register (FR), page 72560 (76 FR 72560)).

Technical Evaluation

Technical Support Center

The staff reviewed the information in DCA Part 2 for conformance with the applicable standards and requirements identified in SRP Section 13.3. DCA Part 2 Tier 2, Section 13.3, and other DCA Part 2 chapters listed in Section 13.3.2 of this report describe the design features of the TSC for the NuScale standard design.

The TSC is an onsite facility that provides plant management and technical support to the plant operations personnel during emergency conditions. DCA Part 2 Tier 2, Section 13.3, describes the physical location and size of the TSC. DCA Part 2 Tier 2, Section 13.3, notes that the TSC is located on the 100-foot elevation of the CRB, which is a seismic Category I structure below the 120-foot elevation, as discussed in DCA Part 2 Tier 2, Section, Control Building (see the staff's Request for Additional Information (RAI) 8925, Question 13.03-2, as well as the applicant's response, in Agencywide Documents Access and Management System (ADAMS) Accession No. ML17264B172).

The TSC is sized to provide working space of 75 square feet per person to avoid crowding and is designed to accommodate at least 25 people, including 5 NRC staff members and 20 utility staff members. This is consistent with the specific space and personnel accommodation criteria in NUREG-0696, Section 2.4 Size, and is acceptable. The TSC includes 2,500 square feet for a technical evaluation room and an additional 1,000 square feet for storage, three offices, and two conference rooms.

The TSC is equipped with voice communications systems, which provide communications between the TSC and the plant, local, and offsite emergency response facilities; the NRC; and local and State operations centers. DCA Part 2 Tier 2, Section, System Description, provides additional information on the TSC's voice communications systems. The associated FSER Section 9.5.2, Communication Systems, documents the staff's evaluation and finding that the communications systems are acceptable.

DCA Part 2 Tier 2, Section, Backup Power Supply System, states that the backup power supply system is designed to provide electrical power to the NuScale power plant when normal alternating current (ac) power is not available and that it includes two redundant backup diesel generators and an auxiliary ac power source. The associated FSER Chapter 8 sections document the staff's evaluation of the capability of the normal and backup power systems.

(Staff RAI 8925, Question 13.03-3, Part ii, as well as the applicant's response, in ADAMS Accession No. ML17264B172, provide additional information.)

Section 2.8, Instrumentation, Data System Equipment, and Power Supplies, of NUREG-0696 states that the TSC must contain primary and backup power in order to maintain continuity of TSC functions and to immediately resume data acquisition, storage, and display of TSC data in the event of a loss of power. The applicant's description of the normal and backup power sources to the TSC equipment shows that the TSC has an adequate source of reliable power from a normal and backup system to maintain continuity of TSC functions including data acquisition, storage, and display.

The TSC has the purpose of protecting personnel from direct, airborne, in-plant radiological hazards under accident conditions. DCA Part 2 Tier 2, Section 13.3, states, in part, "The design ensures that personnel are protected from radiological hazards, including direct radiation and airborne radioactivity from in-plant sources under accident conditions (i.e., maximum of 5 rem TEDE for the duration of the accident)."

Section 2.6, Habitability, of NUREG-0696 states that the purpose of the TSC is to provide direct management and technical support to the control room during an accident. Section II.B.2, Design Review of Plant Shielding and Environmental Qualification of Equipment for Spaces/Systems Which May Be Used in Postaccident Operations, of NUREG-0737, issued November 1980, states that any area that will, or may, require occupancy to permit an operator to aid in the mitigation of, or recovery from, an accident is designated as a vital area. The control room and TSC must be included among those areas to which access is considered vital after an accident. Further, the design dose rate for personnel in a vital area should be such that doses do not exceed the requirements of General Design Criterion (GDC) 19, Control Room, of Appendix A, General Design Criteria for Nuclear Power Plants, to 10 CFR Part 50 during an accident. GDC 19 requires that radiation protection be adequate to ensure that radiation exposure to personnel does not exceed 0.05 sievert (Sv) (5 rem) TEDE for the duration of the accident. In addition, NUREG-0737, Supplement 1, Section 8.2.1.f, states that the TSC will be provided with radiological protection and monitoring equipment necessary to assure that radiation exposure to any person working in the TSC would not exceed 0.05 Sv (5 rem) whole body or its equivalent to any part of the body for the duration of the accident. (After NUREG-0737, Supplement 1, was published, the NRC revised GDC 2 so that the applicable dose for the DCA is 5 rem TEDE.) These requirements and associated guidelines form the basic radiological habitability criteria for the TSC.

FSER Section 9.4.1 provides the staff's evaluation of the CRVS, which serves the main control room and TSC. The staff's evaluation of the radiological habitability of the TSC is addressed in FSER Section, TSC Habitability, and Section, Design Basis Accident Radiological Consequence Analyses. (Staff RAI 8925, Question 13.03-2, Part ii, as well as the applicant's response, in ADAMS Accession No. ML17264B172, provide additional information.)

The guidance in NUREG-0696, Section 2.6, addresses the potential need to move the TSC functions if the TSC becomes uninhabitable. The staff notes that as part of COL Item 13.3-3, the applicant included a provision in the DCA for a future COL applicant to address the need to designate a location in the COL application emergency plan for the transfer of TSC functions in the event of the loss of ventilation to the TSC, or if the TSC otherwise becomes uninhabitable.

This is consistent with the guidance in NUREG-0696, Section 2.6, and is acceptable.

The staff concludes that for the matters reviewed in this section, the information provided in the application is consistent with the guidance identified in NUREG-0696, Supplement 1 to NUREG-0737, and the SRP. Since the information is consistent with the applicable guidance, it is sufficient to meet the associated regulatory requirements. Therefore, the staff determined that the information reviewed in this section meets the applicable requirements of 10 CFR 50.47(b)(8) and (11), and Sections IV.E.3 and IV.E.8 of Appendix E to 10 CFR Part 50.

Operational Support Center

The applicant has identified COL Item 13.3-1, which directs the COL applicant to describe the onsite OSC. The staff finds that the inclusion of a COL information item associated with the OSC is acceptable because the COL applicant must describe the OSC to comply with 10 CFR 50.47(b)(8). The NRC will evaluate the acceptability of a future COL applicant's proposed OSC as part of the COL application process.

Emergency Operations Facility

The applicant has identified COL Item 13.3-2, which directs the COL applicant to describe the site-specific EOF. The staff finds that the inclusion of a COL information item associated with the EOF is acceptable because the COL applicant must describe the EOF to comply with 10 CFR 50.47(b)(8) and 10 CFR Part 50, Appendix E. The NRC will evaluate the acceptability of a future COL applicant's proposed EOF as part of the COL application process.

Technical Support Center Engineering Workstations

In DCA Part 2 Tier 2, Section 13.3, the applicant noted that the TSC includes engineering workstations as described in DCA Part 2 Tier 2, Section

The guidance in NUREG-0696, Section 2.8, calls for the TSC to have equipment to gather, store, and display data needed in the TSC to analyze plant conditions. The system that provides this capability is generically referred to as the safety parameter display system (SPDS). The applicant has explained that a TSC engineering workstation is provided that serves the same function as the generic SPDS. The TSC engineering workstation, which is part of the plant control system, receives information from the module control system (MCS) and post accident monitoring (PAM) and has the capability to gather, store, and display data needed in the TSC. The staff finds that the TSC engineering workstations satisfy the guidance in NUREG-0696 and provide for equipment capable of gathering, storing, and displaying data needed in the TSC to analyze plant conditions. For this reason, the staff determined that this information meets the applicable requirements of 10 CFR 50.47(b)(8) and 10 CFR Part 50, Appendix E, Section IV.E.8.a(i). (Staff RAI 8925, Question 13.03-3, as well as the applicant's response, in ADAMS Accession No. ML17264B172, provide additional information.)

Emergency Response Data System

In DCA Part 2 Tier 2, Section 13.3, the applicant stated the following:

An emergency response data system compliant with Section VI of 10 CFR [Part] 50, Appendix E, provides a direct near-real-time electronic data link of selected parameters between the onsite computer system and the NRC Operations Center in the event of an emergency.

In consideration of COL Item 13.3-3, the NRC staff finds it acceptable for a future COL applicant to address the specific data transmitted through the ERDS as part of its emergency plan. (Staff RAI 8925, Question 13.03-3, Part i, as well as the applicant's response, in ADAMS Accession No. ML17264B172, provide further information.)

The staff concludes that the application has provided an adequate description of a direct near-real-time electronic data link between the onsite computer system and the NRC's ERDS that provides for the automated transmission of a limited data set of selected parameters. This meets the requirements in Section VI, Emergency Response Data System, of Appendix E to 10 CFR Part 50 to have a connection to the ERDS.

Decontamination Facilities

Decontamination facilities are provided to remove or reduce radioactive contaminants from plant equipment, protective clothing, and personnel. As described in DCA Part 2 Tier 2, Section, and the associated section of the SER, personnel and equipment decontamination areas are located in the annex building.

The staff finds that the information provided in the application on the decontamination rooms is consistent with the guidance in Section II.K, Radiological Exposure Control, of NUREG-0654 that such a facility should be provided. For this reason, the staff determined that this information meets the applicable requirements of 10 CFR 50.47(b)(8) and 10 CFR Part 50, Appendix E, Section IV.E.3.

Inspections, Tests, Analyses, and Acceptance Criteria

The applicant did not provide EP-specific ITAAC for the design and specified COL Item 14.3-1 for a future COL applicant to address ITAAC, as listed in Section 13.3.5 of this report. The NRC will evaluate the acceptability of a future COL applicant's proposed ITAAC as part of the COL application process. FSER Section 14.3.10 also mentions the COL item.

Combined License Information Items

Table 13.3-1 below lists COL information items related to EP, as provided in DCA Part 2 Tier 2, Sections 13.3 and 14.3. DCA Part 2 Tier 2, Section 13.3, provides information related to those aspects of EP that are non-site-specific EP features and that are technically relevant to the design (i.e., facilities and equipment). However, the COL applicant that references the NuScale certified design is responsible for the programmatic aspects of EP and emergency preparedness. The NRC staff reviewed COL Items 13.3-1 through 13.3-3 and 14.3-1, and found them to be consistent with the regulatory standards in 10 CFR 50.47(b) and 10 CFR Part 52 and with the guidance in the SRP. Therefore, the staff finds that the proposed COL information items are sufficient in identifying information the COL applicant needs to provide to address the applicable requirements.

Table 13.3-1 NuScale COL Information Items Related to DCA Part 2 Tier 2, Sections 13.3 and 14.3

| Item No. | Description | DCA Part 2 Tier 2 Section |
| --- | --- | --- |
| COL Item 13.3-1 | A COL applicant that references the NuScale Power Plant design certification will provide a description of the onsite operational support center (OSC) including the direct communication system or systems between the OSC and the control room. | 13.3 |
| COL Item 13.3-2 | A COL applicant that references the NuScale Power Plant design certification will provide a description of an emergency operations facility for management of overall licensee emergency response. The facility will meet the requirements of 10 CFR 50.47(b)(8) and Section IV.E, Emergency Facilities and Equipment, of Appendix E to 10 CFR Part 50. | 13.3 |
| COL Item 13.3-3 | A COL applicant that references the NuScale Power Plant design certification will provide a comprehensive emergency plan in accordance with 10 CFR 50.47, 10 CFR 50, Appendix E, 10 CFR 52.48, and 10 CFR 52.79(a)(21). | 13.3 |
| COL Item 14.3-1 | A COL applicant that references the NuScale Power Plant design certification will provide the site-specific selection methodology and Inspections, Tests, Analyses, and Acceptance Criteria for emergency planning. | 14.3 |

Conclusion

The staff concludes, on the basis of its review as described above, that the applicant has adequately addressed the EP design-related features for the NuScale Power Plant design.

Therefore, the information is acceptable and meets the applicable requirements listed in Section 13.3.3 of this report.

Operational Programs

Introduction

A COL applicant is required by 10 CFR 52.79 to describe operational programs, but similar requirements do not exist for DCAs. NuScale provided a COL item describing a future COL applicant's obligation to provide operational program information. The staff evaluated this section using draft Revision 4 of SRP Section 13.4, issued September 2018.

Summary of Application

In DCA Part 2 Tier 2, Section 13.4, Operational Programs, the applicant provided COL Item 13.4-1, which states that a COL applicant that references the NuScale Power Plant design certification will provide site-specific information, including an implementation schedule, for the listed operational programs.

DCA Part 2 Tier 1: There is no Tier 1 information for the operational programs.

DCA Part 2 Tier 2: DCA Part 2 Tier 2, Section 13.4, provides the applicant's COL information item on operational programs.

ITAAC: There are no ITAAC associated with the operational programs.

Technical Specifications: There are no TS associated with the operational programs.

Technical Reports: There is no TR associated with the operational programs.

Regulatory Basis

There are no regulatory requirements regarding operational programs for a design certification applicant. A design certification applicant is required to have a quality assurance program meeting the requirements of 10 CFR Part 50, Appendix B. FSER Chapter 17 describes how the applicant meets that requirement. Similarly, FSER Chapter 13, Section 13.6, Physical Security, issued as a stand-alone report, describes how the applicant meets the information security requirements of 10 CFR Part 73.

Technical Evaluation

The staff compared the list of operational programs in COL Item 13.4-1 with the recommended list in SRP Section 13.4. The staff found that the applicant's list included all of the programs the SRP recommended.

Combined License Information Items

Table 13.4-1 below lists a COL information item related to operational programs, from DCA Part 2 Tier 2, Table 1.8-2.

Table 13.4-1 NuScale COL Information Items Related to DCA Part 2 Tier 2, Section 13.4

| Item No. | Description | DCA Part 2 Tier 2 Section |
| --- | --- | --- |
| COL Item 13.4-1 | A COL applicant that references the NuScale Power Plant design certification will provide site-specific information, including implementation schedule, for operational programs: | 13.4 |

Inservice inspection programs (refer to Section 5.2, Section 5.4, and Section 6.6)

Inservice testing programs (refer to Section 3.9 and Section 5.2)

Environmental qualification program (refer to Section 3.11)

Pre-service inspection program (refer to Section 5.2 and Section 5.4)

Reactor vessel material surveillance program (refer to Section 5.3)

Pre-service testing program (refer to Section 3.9.6, Section 5.2, and Section 6.6)

Containment leakage rate testing program (refer to Section 6.2)

Fire protection program (refer to Section 9.5)

Process and effluent monitoring and sampling program (refer to Section 11.5)

Radiation protection program (refer to Section 12.5)

Non-licensed plant staff training program (refer to Section 13.2)

Reactor operator training program (refer to Section 13.2)

Reactor operator requalification program (refer to Section 13.2)

Emergency planning (refer to Section 13.3)

Process control program (PCP) (refer to Section 11.4)

Security (refer to Section 13.6)

Quality assurance program (refer to Section 17.5)

Maintenance rule (refer to Section 17.6)

Motor-operated valve testing (refer to Section 3.9)

Initial test program (refer to Section 14.2)

Conclusion

The staff determined that the COL item listed above is acceptable because the applicant appropriately directs the COL applicant to develop operational programs, consistent with the list provided in SRP Section 13.4, draft Revision 4.

Plant Procedures

Introduction

A COL holder's plant procedures include (1) administrative procedures that provide for administrative control over safety-related activities for the operation of the facility, (2) operating procedures and emergency operating procedures (EOPs) used to ensure that routine operating, off-normal (i.e., abnormal), and emergency activities are conducted in a safe manner, and (3) procedures for other safety-related plant operating activities, including related maintenance activities, that the operating program or EOP program does not cover.

The staff reviewed the DCA to evaluate the COL information items for plant procedures. The staff also reviewed Revision 1 of the NuScale Generic Technical Guidelines (GTGs). The staff did not make a regulatory finding on the technical content of Revision 1 of the NuScale GTGs because the staff reviews the COL applicant's program for developing and implementing the plant procedures. The staff will review the technical content of the generic guidance used to develop plant-specific technical guidelines (P-STGs), when a procedure generation package is submitted by a COL applicant.

Summary of Application

DCA Part 2 Tier 1: There is no Tier 1 information associated with this section.

DCA Part 2 Tier 2: Procedure development is not within the scope of the NuScale DCA. This responsibility resides with the COL applicant. DCA Part 2 Tier 2, Section 13.5, Plant Procedures, specifies COL information items for the COL applicant to describe the administrative, operating, and maintenance procedures.

ITAAC: The applicant has not proposed any ITAAC related to this area of review.

Technical Specifications: There are no TS for this area of review.

Technical Reports: There is one TR for this area of review:

TR-1117-57216, NuScale Generic Technical Guidelines, Revision 1, dated May 31, 2019 (ADAMS Accession No. ML19151A810)

Regulatory Basis

SRP Section, Administrative Procedures - General, and SRP Section, Operating and Emergency Operating Procedures, identify, in part, the relevant NRC regulatory requirements for plant procedures and the associated acceptance criteria.

The applicable regulatory requirements for plant procedures are as follows:

10 CFR 50.34(f)(2)(ii), as it pertains to the TMI-related requirement for applicants to establish a program to begin during construction and to follow into operation for assessing and improving plant emergency procedures

10 CFR 50.34(f)(3)(i), as it pertains to the TMI-related requirement to provide administrative procedures that evaluate and provide feedback on operating experience, design experience, and construction experience

10 CFR 50.40(a), as it pertains to the issuance of a COL under 10 CFR Part 52 based on considerations of whether the applicant has developed operating procedures that are sufficient to provide reasonable assurance that the nuclear power plant can be safely operated

10 CFR Part 50, Appendix B, as it pertains to the establishment of criteria for the development, approval, and control of procedures for all activities affecting quality

10 CFR 52.79(a)(27), (29)(i), and (29)(ii), as they pertain to information that must be included in the FSAR submitted as part of the application for a COL, specifically, (1) the managerial and administrative controls associated with procedures used to perform activities that affect the quality of SSCs covered under the quality assurance program, as established in 10 CFR Part 50, Appendix B, and (2) plans for the development and implementation of plant procedures used for emergency operations (other than EP) and the conduct of normal operations, including maintenance, surveillance, and periodic testing of SSCs

The related acceptance criteria are as follows:

RG 1.33, Quality Assurance Program Requirements (Operation), Revision 3, issued June 2013

Appendix A, Typical Procedures for Pressurized Water Reactors and Boiling Water Reactors, to American National Standards Institute (ANSI)/American Nuclear Society (ANS) 3.2-2012, Managerial, Administrative, and Quality Assurance Controls for Operational Phase of Nuclear Power Plants

Section III of SRP Section, Revision 2, issued August 2016

SRP Section, Revision 2, issued March 2007

Section I.C.1, Guidance for the Evaluation and Development of Procedures for Transients and Accidents, of NUREG-0737

Section 7, Upgrade Emergency Operating Procedures, of Supplement 1 to NUREG-0737

NUREG-0899, Guidelines for the Preparation of Emergency Operating Procedures: Resolution of Comments on NUREG-0799, issued August 1982

Technical Evaluation

DCA Part 2 Tier 2, Section 13.5, identifies procedure development as the COL applicant's responsibility. This section evaluates the adequacy of the COL information items for plant procedures.

Combined License Information Items

The NRC requires a COL applicant that references the NuScale certified design to address the site-specific information described in the COL information items at the COL stage.

Administrative Procedures

SRP Section describes administrative procedures as those that provide for administrative control over safety-related activities for the operation of the facility. The staff's review of the NuScale DCA using SRP Section focused on the evaluation of COL information items pertaining to administrative procedures. COL Item 13.5-1 in DCA Part 2 Tier 2, Section 13.5.1, Administrative Procedures, directs the COL applicant to describe site-specific procedures that provide administrative control for activities that are important for the safe operation of the facility consistent with the guidance in RG 1.33, Revision 3, which endorses ANSI/ANS 3.2-2012. Accordingly, the staff determined that COL Item 13.5-1 identifies information the COL applicant needs to provide for administrative procedures.

SRP Section provides the technical rationale for applying SRP acceptance criteria to the establishment of a program for the development and implementation of administrative procedures. DCA Part 2 Tier 2, Section 13.5.1, COL Item 13.5-4, directs the COL applicant to provide a program for the development and implementation of administrative procedures and a plan for the development, implementation, and control of administrative procedures, including preliminary schedules for preparation and target completion dates. Additionally, the COL applicant will identify the group within the operating organization responsible for maintaining these procedures. The staff determined that COL Item 13.5-4 is consistent with provisions in SRP Section

Operating and Maintenance Procedures

SRP Section states that the applicant's SAR should describe the different classifications of procedures that the operators will use in the control room and locally in the plant for plant operations. DCA Part 2 Tier 2, Section 13.5.2, Operating and Emergency Operating Procedures, COL Item 13.5-2, directs the COL applicant to describe the site-specific procedures that operators use in the main control room and locally in the plant, including normal operating procedures, abnormal operating procedures, and EOPs. The COL applicant will also describe the classification system for these procedures and the general format and content of the different classifications. The staff determined that COL Item 13.5-2 appropriately directs the COL applicant to describe the different classifications of the site-specific procedures that licensed operators and nonlicensed operators perform.

SRP Section states that the applicant's SAR should describe plant procedures that will be used by the operating organization (i.e., plant staff). DCA Part 2 Tier 2, Section, COL Item 13.5-3, directs a COL applicant to describe the site-specific program for developing maintenance and other operating procedures. It also requires COL applicants to describe how these procedures are classified, including the general format and content of the different classifications. This COL information item includes a list of the categories of procedures to be included. The staff determined that COL Item 13.5-3 appropriately directs the COL applicant to describe the different classifications of procedures for developing maintenance and other operating procedures (i.e., procedures for activities not procedurally covered under the operating procedures or EOPs identified in Section I.1 of SRP Section

SRP Section provides the technical rationale for applying SRP acceptance criteria to the establishment of programs for the development and implementation of operating and maintenance procedures. Thus, the applicant should include COL information items that direct the COL applicant to provide programs for development and implementation of the operating and maintenance procedures. DCA Part 2 Tier 2, Section 13.5.2, Operating and Maintenance Procedures, COL Item 13.5-5, directs a COL applicant to provide a plan for the development, implementation, and control of operating procedures, including preliminary schedules for preparation and target completion dates. Additionally, the COL applicant will identify the group within the operating organization responsible for maintaining these procedures.

COL Item 13.5-7 directs a COL applicant to provide a plan for the development, implementation, and control of EOPs, including preliminary schedules for preparation and target completion dates. In its submittal, the COL applicant is to include the procedures generation package, which comprises the P-STGs, a plant-specific writer's guide for preparing EOPs based on the P-STGs, a description of the program for verification and validation of the EOPs, and a description of the program for training operators on the EOPs. Additionally, the COL applicant will identify the group within the operating organization responsible for maintaining these procedures.

COL Item 13.5-8 directs a COL applicant to provide a plan for the development, implementation, and control of maintenance and other operating procedures, including preliminary schedules for preparation and target completion dates. Additionally, the COL applicant will identify the group or groups within the operating organization that will be responsible for maintaining and following these procedures.

The staff concludes that COL Items 13.5-5, 13.5-7, and 13.5-8 appropriately require the COL applicant to provide programs for the development, implementation, and control of operating and maintenance procedures.

NuScale Generic Technical Guidelines

SRP Section states that COL applicants can use design-specific GTGs to develop P-STGs from which they will develop their EOPs. DCA Part 2 Tier 2, COL Item 13.5-7, directs the COL applicant to submit P-STGs based on analysis of transients and accidents that are specific to the COL applicant's plant design and operating philosophy as part of the procedures generation package. SRP Section says that the staff will review the COL applicant's program for development and implementation of the EOPs. The COL applicant's procedure generation package submittal should include the P-STGs, a plant-specific writer's guide that details the specific methods to be used by the COL applicant in preparing EOPs based on P-STGs, a description of the program for verifying and validating the EOPs, and a description of the program for training operators on the EOPs. Prior to plant startup, the staff uses Inspection Procedure 42454, Part 52, Emergency Operating Procedures, to inspect a sample of EOPs at the plant. To support development of P-STGs, the applicant developed design-specific generic technical guidelines.

The staff reviewed the general scope and format of the GTGs. The staff observed that the scope includes transients and accidents analyzed in DCA Part 2 Tier 2, Chapters 7, Instrumentation and Controls, 15, Transient and Accident Analyses, 19, Probabilistic Risk Assessment and Severe Accident Evaluation, and 20, Mitigation of Beyond-Design-Basis Events. The staff also observed that the GTGs identify operator actions that are discussed in these analyses, such as human actions credited in the probabilistic risk assessment described in DCA Part 2 Tier 2, Chapter 19. The GTGs also identify operator actions to be performed if automatic actuations of safety systems fail to respond as designed. Such actions are relevant for inclusion in emergency operating procedures. Additionally, the staff observed that the GTGs use a symptom-based approach such that plant indications are organized by the critical safety functions. As discussed in NUREG-0737, Section I.C.1, Guidance for the Evaluation and Development of Procedures for Transients and Accidents, the use of human-factored, function-oriented procedures helps to improve human reliability and the ability to mitigate the consequences of a broad range of initiating events and subsequent multiple failures or operator errors. During the June 2019 audit of validation and verification activities (ADAMS Accession No. ML19175A067), the staff observed portions of the applicant's GTG validation activities, which are discussed in Section 6.0, Validation, of the GTGs. The applicant tested each GTG logic path as either part of the integrated systems validation (ISV) test, which is discussed in Section of this FSER, or by conducting tabletop walkthroughs. Feedback from the application of the GTGs during the ISV and the tabletop walkthroughs was identified and incorporated into the GTGs. The staff's observation of ISV testing indicated that operators were able to implement the logic paths in the GTGs to perform actions expected in the ISV scenarios.

As such, the staff concludes that the validation testing provided proof of concept for the NuScale GTGs.

The staff is not making a finding on the technical adequacy of the GTGs; rather, in accordance with the review procedures in SRP, the staff will review the P-STGs to determine whether acceptable analyses of accidents and transients and development of technical guidelines for operator actions applicable to the plant have been completed, and whether the COL applicant has an acceptable process for identifying operator information and control needs to be included in plant procedures.

Combined License Information Items

Table 13.5-1 below lists COL information item numbers and descriptions related to plant procedures from DCA Part 2 Tier 2, Table 1.8-2.

Note that the applicant deleted COL Information Item 13.5-6, which separately addressed the application and usage of site-specific EOPs, from the original application. The staff agrees with not using COL Item 13.5-6 because the content it initially contained exists in COL Item 13.5-2.

Accordingly, as indicated in Table 13.5-1, COL Item 13.5-6 is not used.

Table 13.5-1 NuScale COL Information Items Related to DCA Part 2 Tier 2, Section 13.5

Item No.: COL Item 13.5-1
Description: A COL applicant that references the NuScale Power Plant design certification will describe the site-specific procedures that provide administrative control for activities that are important for the safe operation of the facility consistent with the guidance provided in RG 1.33, Revision 3.
DCA Part 2 Tier 2 Section: 13.5.1

Item No.: COL Item 13.5-2
Description: A COL applicant that references the NuScale Power Plant design certification will describe the site-specific procedures that operators use in the main control room and locally in the plant, including normal operating procedures, abnormal operating procedures, and emergency operating procedures (EOPs). The COL applicant will describe the classification system for these procedures, and the general format and content of the different classifications.

Item No.: COL Item 13.5-3
Description: A COL applicant that references the NuScale Power Plant design certification will describe the site-specific maintenance and other operating procedures, including how these procedures are classified, and the general format and content of the different classifications. The categories of procedures listed below should be included: plant radiation protection procedures; emergency preparedness procedures; calibration and test procedures; chemical-radiochemical control procedures; radioactive waste management procedures; maintenance and modification procedures; material control procedures; and plant security procedures.

Item No.: COL Item 13.5-4
Description: A COL applicant that references the NuScale Power Plant design certification will provide a plan for the development, implementation, and control of administrative procedures, including preliminary schedules for preparation and target dates for completion. Additionally, the COL applicant will identify the group within the operating organization responsible for maintaining these procedures.
DCA Part 2 Tier 2 Section: 13.5.1

Item No.: COL Item 13.5-5
Description: A COL applicant that references the NuScale Power Plant design certification will provide a plan for the development, implementation, and control of operating procedures, including preliminary schedules for preparation and target dates for completion. Additionally, the COL applicant will identify the group within the operating organization responsible for maintaining these procedures.

Item No.: COL Item 13.5-6
Description: Not used.
DCA Part 2 Tier 2 Section: N/A

Item No.: COL Item 13.5-7
Description: A COL applicant that references the NuScale Power Plant design certification will provide a plan for the development, implementation, and control of EOPs, including preliminary schedules for preparation and target dates for completion. Included in the submittal is the Procedures Generation Package, consisting of the following:
- Plant Specific Technical Guidelines, which are guidelines based on analysis of transients and accidents that are specific to the COL applicant's plant design and operating philosophy.
- A plant-specific writer's guide that details the specific methods to be used by the COL applicant in preparing EOPs based on the Plant Specific Technical Guidelines.
- A description of the program for verification and validation of the EOPs.
- A description of the program for training operators on the EOPs.
Additionally, the COL applicant will identify the group within the operating organization responsible for maintaining these procedures.

Item No.: COL Item 13.5-8
Description: A COL applicant that references the NuScale Power Plant design certification will provide a plan for the development, implementation, and control of maintenance and other operating procedures, including preliminary schedules for preparation and target dates for completion. Additionally, the COL applicant will identify what group or groups within the operating organization have the responsibility for maintaining and following these procedures.

Conclusion

The COL applicant is responsible for the development of plant procedures. In its review of DCA Part 2 Tier 2, Section 13.5, the staff evaluated seven COL information items. The staff determined that the seven COL information items are sufficient to identify information the COL applicant needs to provide to address the applicable requirements for plant procedures.

The staff concludes that the COL information items specified in Table 13.5-1 are sufficient to identify information that the COL applicant needs to provide to address the applicable requirements of 10 CFR 50.34, 10 CFR 50.40, Appendix B to 10 CFR Part 50, and 10 CFR 52.79.

Physical Security

13.6.1 Introduction

This chapter of the final safety evaluation report (FSER) documents the U.S. Nuclear Regulatory Commission (NRC) staff's review of Chapter 13, Conduct of Operations, Section 13.6, Physical Security, and Section 13.7, Fitness for Duty, of the NuScale Power, LLC (hereafter referred to as the applicant), Design Certification Application (DCA), Part 2, Final Safety Analysis Report (FSAR). DCA Part 2, Tier 1 and Tier 2, and the referenced Technical Report (TR)-0416-48929, NuScale Design of Physical Security Systems, Revision 1, dated January 8, 2019, describe the physical security systems, hardware, and features (hereafter referred to as PSS) that are within the scope of the NuScale Power Plant standard design.

DCA Part 2 establishes a design standard for PSS that will provide detection, assessment, communication, delay, and response functions to protect against malevolent acts up to and including the design-basis threat (DBT) for radiological sabotage.

The NuScale standard design, along with the site-specific design of a physical protection system, physical protection programs, management systems, and organization that are described by a combined license (COL) applicant, must demonstrate how a COL applicant will meet the performance and prescriptive requirements of Title 10 of the Code of Federal Regulations (10 CFR) Part 73, Physical Protection of Plants and Materials. The NuScale standard design provides the design descriptions for engineered PSS and credited design features (e.g., structural walls, floors, and ceilings and configurations of the nuclear island and structures), descriptions of intended security functions and performance requirements, design bases for the detailed design, and supporting technical bases that a COL applicant will incorporate by reference as part of its design and licensing bases.

The COL applicant that references the certified NuScale design will address the PSS designs that are not included in the scope of the NuScale standard design. DCA Part 2, Tier 2, Section 13.6, Security, includes COL Items 13.6-1 through 13.6-4, which address the establishment of a physical security program for operations, site-specific PSS designs, and site-specific security inspections, tests, analyses, and acceptance criteria (ITAAC). These COL items direct a COL applicant that references the certified NuScale design to establish operational programs and to provide security plans, address requirements involving the central alarm system consistent with TR-0416-48929, provide a secondary alarm station, and provide ITAAC for site-specific physical security structures, systems, and components (SSCs). COL Items 13.6-5 and 13.6-6 direct a COL applicant to develop an access authorization program and a cybersecurity program, respectively. In some cases, the programs may be implemented in phases, where practical, and the COL applicant is to include the phased implementation milestones. COL Item 14.3-2 directs a COL applicant to provide the site-specific physical security ITAAC and verification requirements.

13.6.2 Summary of Application

The DCA Part 2, Tier 1 and Tier 2, sections cited below, and the referenced TR contain the applicant's descriptions of PSS and physical security ITAAC for the NuScale standard design and describe how they meet regulatory requirements.

DCA Part 2, Tier 1: DCA Part 2, Tier 1, Section 3.0, Shared Structures, Systems and Components and Non-Structures, Systems, and Components Design Descriptions and Inspections, Tests, Analyses, and Acceptance Criteria, includes design descriptions and ITAAC for portions of the plant that are common or shared by multiple modules for the NuScale Power Plant. DCA Part 2, Tier 1, Section 3.16.1, Design Description, describes the NuScale standard design commitments for PSS that provide capabilities for detection, assessment, and delay functions for protecting against threats up to and including the DBT for radiological sabotage and provide defense in depth through the integration of systems, technologies, and equipment.

DCA Part 2, Tier 1, Table 3.16-1, Physical Security System Inspections, Tests, Analyses, and Acceptance Criteria, establishes design commitments and ITAAC to verify PSS that are within the scope of the NuScale standard design. The staff's review of these ITAAC is documented in Section 14.3 of this SER.

DCA Part 2, Tier 2: DCA Part 2, Tier 2, Section 1.2, General Plant Description, through Section 1.9, Conformance with Regulatory Criteria, describe the scope of the NuScale standard design. DCA Part 2, Tier 2, Section 1.8, Interface with Certified Design, addresses the interface requirements between the NuScale standard design and the site-specific design.

DCA Part 2, Tier 2, Figure 1.2-2, NuScale Function Boundaries, depicts the general boundaries of structures or components between the standard design and site-specific design.

DCA Part 2, Tier 2, Section 1.8.1, Combined License Information Items, identifies information that must be provided in order to license and operate a site-specific NuScale Power Plant but is not included in the standard design. DCA Part 2, Tier 2, Table 1.8-2, lists the descriptions of COL information items that are addressed by the COL applicant. The table includes COL Items 13.6-1 through 13.7-2 that address physical security.

DCA Part 2, Tier 2, Section 13.6, provides design descriptions of PSS for the capabilities to detect, assess, impede, and delay threats up to and including the DBT and to provide for defense in depth through the integration of systems, technologies, and equipment.

TR-0416-48929, which is incorporated by reference, describes the designs of PSS within the nuclear island and structures.

The applicant describes conformance with the NRC regulatory guides (RGs) in DCA Part 2, Tier 2, Section 1.9. DCA Part 2, Tier 2, Tables 1.9.1-1 through 1.9.1-4, identify conformance to RGs, standard review plans, design-specific review standards, and interim staff guidance. DCA Part 2, Tier 2, Table 1.9-2, Conformance with Regulatory Guides, identifies the applicant's conformance with Division 5, Materials and Plant Protection, RGs that apply to security and lists guidance that includes RG 5.7, Entry/Exit Control for Protected Areas, Vital Areas, and Material Access Areas; RG 5.65, Vital Area Access Controls, Protection of Physical Security Equipment, and Key and Lock Controls; and RG 5.79, Protection of Safeguards Information, for elements of the site-specific physical security program that the COL applicant will address and that do not apply to design certification. DCA Part 2, Tier 2, Table 1.9-3, Conformance with NUREG-0800, Standard Review Plan (SRP) and Design Specific Review Standard, specifically describes the applicability of standard review plans to the NuScale standard design.

Technical Specifications: There are no technical specifications established for PSS or operations.

Technical Reports: By letter dated January 8, 2019, the applicant submitted to the NRC TR-0416-48929, Revision 1, which describes the security considerations in the NuScale standard design. This technical report describes the design bases for the PSS designs, including plant layout and building configurations, results of evaluations, and identified vital equipment and areas for the NuScale standard design. The scope of the PSS described in the DCA is limited to the PSS related to the nuclear islands and structures that are within the scope of the NuScale standard design. TR-0416-48929 contains safeguards information (SGI), security-related information, and proprietary information; therefore, it is protected in accordance with 10 CFR 73.21, Protection of Safeguards Information: Performance requirements, and 10 CFR 2.390, Public inspections, exemptions, requests for withholding.

Section 4.1, Design Element No. 1, through Section 4.24, Design Element No. 24, of TR-0416-48929 provide design descriptions and system performances that support the DCA Part 2, Tier 1, physical security ITAAC. The descriptions correlate to each of the physical security hardware ITAAC in NUREG-0800, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition (SRP), Section 14.3.12, Physical Security Hardware - Inspections, Tests, Analyses, and Acceptance Criteria, and DCA Part 2, Tier 1, Section 3.16.2.

TR-0416-48929 identifies PSS that are not within the scope of the NuScale standard plant (e.g., the protected area (PA) barrier systems, unattended openings, isolation zones, vehicle barrier systems (VBSs), PA security lighting, perimeter defensive fighting positions, personnel and vehicle access control portals, PA penetrations). COL Item 13.6-1 directs the applicant to describe site-specific PSS designs (i.e., outside of the scope of the NuScale standard plant) and security plans that indicate how engineered and administrative controls, management systems, and organization will meet the requirements of 10 CFR Part 73 that apply to an operating nuclear power reactor.

13.6.3 Regulatory Basis

Under 10 CFR 52.47, Contents of applications; technical information, the NRC requires information submitted for a design certification to include performance requirements and design information sufficiently detailed to permit the preparation of acceptance and inspection requirements by the staff and procurement specifications and construction and installation specifications by an applicant. The provisions in 10 CFR 52.48, Standards for review of applications, require applications that are filed to be reviewed for compliance with the requirements in 10 CFR Part 73. The provisions in 10 CFR 52.47(b)(1) require the application to contain proposed ITAAC that are necessary and sufficient to provide reasonable assurance that, if the inspections, tests, and analyses are performed and the acceptance criteria met, a facility that incorporates the design certification has been constructed and will be operated in conformity with the design certification; the provisions of the Atomic Energy Act of 1954, as amended; and the Commission's rules and regulations.

The security regulations in 10 CFR Part 73 include performance and prescriptive requirements that, when adequately met and implemented, provide protection against acts of radiological sabotage, prevent the theft or diversion of special nuclear material, and protect SGI.

Under 10 CFR 73.55(b), the NRC requires the COL applicant to describe a physical protection system and security organization whose objective will be to provide high assurance that activities involving special nuclear material are not inimical to the common defense and security and do not constitute an unreasonable risk to public health and safety. A physical protection system (i.e., detection, assessment, communication, and response) with capabilities to detect, assess, interdict, and neutralize shall be designed to protect against the DBT of radiological sabotage.

The regulations in 10 CFR 73.55(b)(2) establish the performance requirements to protect a nuclear power plant against the DBT for radiological sabotage as described in 10 CFR 73.1(a)(1). The COL applicant must describe how it will meet regulatory requirements, including achieving the high-assurance objective for protection against the DBT of radiological sabotage. The provisions in 10 CFR 73.54, Protection of digital computer and communication systems and networks; 10 CFR 73.55, Requirements for physical protection of licensed activities in nuclear power reactors against radiological sabotage; 10 CFR 73.56, Personnel access authorization requirements for nuclear power plants; 10 CFR 73.58, Safety/security interface requirements for nuclear power reactors; and Appendix B, General Criteria for Security Personnel, and Appendix C, Licensee Safeguards Contingency Plans, to 10 CFR Part 73 establish performance and prescriptive requirements that are applicable to PSS designs, operational security, management processes, and programs.

The applicable requirements for design certification are limited to PSS within the scope of the NuScale standard design. According to 10 CFR 52.79, Contents of applications; technical information in final safety analysis report, the COL applicant addresses the operational or administrative controls, programs, procedures, and processes (e.g., management systems or controls), but these areas are not in the scope for certification of the NuScale standard design.

An applicant may apply the latest revision of the following regulatory guidance documents and accepted industry codes, standards, or guidance to meet regulatory requirements:

- RG 1.206, Combined License Applications for Nuclear Power Plants (LWR Edition), Revision 0, issued June 2007
- The SRP, particularly SRP Section 13.6.2, Physical Security - Review of Physical Security System Designs - Standard Design Certification and Operating Reactor Licensing Applications, Revision 2, issued June 2015, and SRP Section 14.3.12, Revision 1, issued May 2010

The NRC guidance, approaches, and examples described above and in other guidance for methods of compliance are not regulatory requirements and are not intended to be all inclusive.

The applicant may use methods or approaches for implementing NRC regulations other than those discussed in agency guidance as long as such measures satisfy the relevant and applicable NRC regulatory requirements.

13.6.4 Technical Evaluation

The staff reviewed the design descriptions of PSS within the scope of the NuScale DCA to determine whether they satisfy the requirements of 10 CFR Part 73 that apply to a nuclear power reactor. For the PSS that have been incorporated into the scope of the DCA, the staff's review consists of determining whether the applicant has provided adequate and reasonable descriptions of design and technical bases and has reasonably described how the proposed design will achieve the intended security functions. The staff's review does not include the security programs or integrations of engineered systems with administrative controls and management measures and organization to determine whether they would provide high assurance of adequate protection and a finding of an adequate physical security program, as specified in 10 CFR 73.55(a) through 10 CFR 73.55(r) for a COL. The NRC staff reviewed the identified COL information items to determine specific actions required for the design of site-specific PSS and the establishment of security programs that COL applicants referencing the certified NuScale design will address.

The staff's review was limited to the adequacy of the design and bases for the PSS that are relied on to perform security detection, assessment, communication, delay, and response functions. The COL applicant that is seeking a COL for a nuclear power plant must demonstrate high assurance of adequate protection against the DBT and compliance with the programmatic requirements of 10 CFR Part 73 (including administrative controls such as people and procedures). The NRC will not make a regulatory determination on the adequacy of planned programmatic or administrative controls for meeting 10 CFR Part 73 during a design certification review. Such a determination will be reserved for the review of a COL application.

The staff's review includes the following:

- the applicant's response to Request for Additional Information (RAI) 8902, dated October 10, 2017 (Agencywide Documents Access and Management System (ADAMS) Accession No. ML17283A273)
- the applicant's response to RAI 8998, dated December 8, 2017 (ADAMS Accession No. ML17345A513)
- TR-0416-48929, NuScale Design of Physical Security Systems, Revision 1, submitted by letter to the NRC on January 8, 2019, and incorporated by reference in DCA Part 2, Tier 2, Section 13.6

The staff conducted a licensing audit for the design of PSS described for the NuScale standard design on December 5-6, 2017, at the NuScale Power Corvallis Office at Corvallis, OR. The audit plan is available at ADAMS Accession No. ML17318A512. The audit report is available at ADAMS Accession No. ML18031A454. Enclosure 3 of the audit report contains a list of documents made available to the NRC staff during the audit. These documents encompass engineering calculations, assessments, analyses, reports, and drawings supporting the design of the PSS and the results and conclusions in TR-0416-48929.

Design Considerations for Physical Security

In DCA Part 2, Tier 2, Section 13.6, and TR-0416-48929, the applicant described how engineered PSS, including their configurations, are designed for performing security functions to detect, assess, communicate, and delay malevolent acts and to respond to such acts.

TR-0416-48929 describes the design and performance of systems and configurations of the security design features identified in DCA Part 2, Tier 1, Section 3.16.2. The TR-0416-48929 descriptions of the PSS design conform to SRP Section 13.6.2, Revision 2, which was in effect when the NuScale DCA was docketed. Conforming to guidance, the applicant's design descriptions address design elements identified in SRP Section 13.6.2, Table, Design of Physical Security Systems within the Nuclear Island and Structures, and the applicant considered additional PSS identified in SRP Table, Designs of Physical Security Systems for Plant Area Beyond the Nuclear Island and Structures, which may be included within the scope of the design certification or reserved for the COL applicant that references the certified NuScale Power Plant design. Section 7, Figures, of TR-0416-48929 provides the plant layout diagram that identifies SSCs and design configurations of PSS that are within the scope of the DCA.

TR-0416-48929 states that the NuScale Power Plant nuclear island and structures physical security design provides features to detect, assess, impede, and delay threats up to and including the design basis threat for radiological sabotage in compliance with the requirements of 10 CFR 73.55.

TR-0416-48929 supplements the information in DCA Part 2, Tier 2, with design and related information, results of evaluations or analyses, and design and performance requirements. The applicant's descriptions of security design elements and concepts (e.g., engineered systems, technologies, and equipment) address the following for the nuclear island and structures within the scope of the NuScale standard design:

- the design of PSS for interior detection, assessment, access control, and security response
- physical barriers (e.g., control (or denial) of access, interior security response, deterrence and delay, securing and monitoring of openings, bullet resistance, protection of vital equipment)
- vital equipment, vital areas, and intrusion detection and control of access systems
- minimum safe standoff distances (MSSDs)
- interior detection and assessment systems
- central (security) alarm station
- illuminations
- communications

The staff concludes that, consistent with SRP Section 13.6.2, the applicant has adequately considered physical security in the NuScale standard design by including design information on PSS within the nuclear island and structures to address security functions that meet the applicable requirements of 10 CFR 73.55. A detailed explanation of how the PSS specifically meet the applicable requirements is given below in Sections to of this report.

TR-0416-48929, Table 5-1, COL Applicant Responsibilities, states that the COL applicant will be responsible for addressing design elements involving site-specific conditions unable to be addressed in NuScale's SMR [small modular reactor] standard plant design (e.g., programs, personnel, plans, and procedures) and design elements exempted in accordance with Criterion 3(a) or 3(b) [described in SRP Section 13.6.2]. A COL applicant that references the NuScale certified design will be responsible for the items listed in Table 5-1 below. The items identify information that the COL applicant provides to satisfy COL Item 13.6-1, and COL Item 13.6-2 states that the COL applicant is responsible for the requirements in Table 5-1 of TR-0416-48929. Table 5-1 includes the COL applicant's responsibilities for providing design details that address PSS outside the scope of the NuScale standard design and program descriptions and security plans in accordance with the requirements in 10 CFR Part 73. A COL application that addresses COL Items 13.6-1 and 13.6-2 would include site-specific PSS design details such as the following:

- location and design details for the secondary alarm station
- physical security barriers outside the nuclear island and structures
- isolation zones, PA, and associated intrusion assessment systems
- VBS
- exterior personnel, vehicle, and material access control portals
- main security building
- secondary power supply for the communication system
- secondary security power system
- bounding MSSD, alarm station survivability, and protection against vehicle bombs
- alarm station functions and redundant capabilities
- detection and assessment functions
- illumination of isolation zone and PA
- secondary alarm station communications
- uninterruptable power system and inline generators or other sources of backup power

Table 13.6-1 of this report lists the COL items for physical security.

The staff concludes that the applicant adequately established the COL applicant's responsibilities for providing the design of PSS that are not located within or integral to the construction of the nuclear island and structures and providing security programs that are outside of the scope of the NuScale standard design.

Security Evaluations and Analyses

Vital Equipment Identification Process

TR-0416-48929, Section 4.8, Vital Areas and Equipment (Element 8), lists vital equipment for the NuScale standard power plant. The applicant indicated that a multidisciplinary team identified the vital equipment. The applicant evaluated reactor design and safety analysis information in the NuScale DCA and supporting analyses and documentation that served as the source for the identification process. The applicant indicated that identification of the vital equipment was based on the definition of vital equipment in 10 CFR 73.2, Definitions. In TR-0416-48929, Section 4.8, the applicant stated the following about identifying vital equipment:

An interdisciplinary design team evaluated SSC for vital equipment designation.

The team included members from Physical Security, Plant Operations, Electrical Engineering, I&C Engineering, Civil/Structural Engineer, Nuclear Safety Engineering, and Probabilistic Risk Assessment Engineering. Using the 10 CFR 73.2 definition for vital equipment, the team evaluated systems and components for potential inclusion as vital equipment.

The applicant applied the definition of vital equipment in 10 CFR 73.2, which states that vital equipment means any equipment, systems, devices, or material, that failure, destruction, or release of which could directly or indirectly endanger the public health and safety by exposure to radiation. Equipment or systems which would be required to function to protect public health and safety following such a failure, destruction, or release are considered to be vital.

In its response to RAI 8998, Question 13.06.02-11, dated December 8, 2017 (ADAMS Accession No. ML17345A513), the applicant provided the following additional information on its evaluation of the NuScale standard power plant and the control of changes to its design:

The team used insights from the probabilistic risk assessment (PRA), the safety analysis, the SSC classification from the design reliability assurance program, and the vital equipment definition from 10 CFR 73.2 as the criteria for identifying vital equipment for the NuScale Power Plant. The evaluation assumed that all radiation that is released from the loss of vital equipment escapes to the environment.

The evaluation considered whether the design included sufficient defense in depth to prevent any one SSC from causing a release of radiation significant enough to endanger public health and safety. The designation of an SSC as safety related and risk significant is based on the PRA, safety analysis, and the design reliability assurance program.

The information on the initiating event analysis, accident sequence analysis, system analysis, and human reliability analysis described in DCA Part 2, Tier 2, Chapter 19, Probabilistic Risk Assessment and Severe Accident Evaluation, was used to support the identification of vital equipment. Failure modes postulated in the PRA, along with internal fire and flood analyses addressed in DCA Part 2, Tier 2, Section 3.4, Water Level (Flood) Design, and Appendix 9A, Fire Hazard Analysis, were also considered.

In identifying vital equipment, the evaluation also considered piping external to the modules and their safety-related and risk significance, loss of power or signals (cable controlling safety-related components) and systems failures to safe configurations, all components required to achieve safe shutdown, and the single-failure criterion and failure of multiple redundant components.

NuScale uses an engineering change control program to maintain design configuration control and alignment with the licensing design basis. When a design engineer initiates a design change, an interdisciplinary panel of NuScale management reviews the proposed change to assess the potential impact on other areas of the design, including the current licensing basis.

The staff made the following findings:

In TR-0416-48929, Section 4.8, the applicant established a reasonable process and applied reasonable criteria and assumptions for identifying a complete and accurate list of vital equipment for the NuScale standard power plant based on the definition of vital equipment in 10 CFR 73.2.

The applicant applied and relied on information from the design and safety analyses for the NuScale standard design to identify an accurate and complete list of vital equipment.

Vital Equipment List

The applicant provided a list of vital equipment for the NuScale standard design in TR-0416-48929, Section 4.8.2, that meets the definition of 10 CFR 73.2 as vital. The details of the NuScale Power Plant SSCs (e.g., frontline systems and supporting systems) that make up the vital equipment for the NuScale standard design are identified as SGI; therefore, they are protected in accordance with 10 CFR 73.21, Protection of Safeguards Information; Performance Requirements, and withheld from the public in accordance with provisions of 10 CFR 2.390. In its review of the applicant's vital equipment list, the staff did not identify cases where the applicant excluded frontline systems/functions or primary supporting systems that meet the definition of vital equipment.

The staff made the following findings:

The applicant has identified and provided lists of vital equipment for the NuScale standard design based on the definition of vital equipment in 10 CFR 73.2. TR-0416-48929 provides the detailed list of vital equipment.

The applicant's list of vital equipment for the NuScale standard design is sufficiently complete and accurate to meet the definition of vital equipment in 10 CFR 73.2.

Vital Areas

The requirements in 10 CFR 73.55(e)(9)(i) state that "[v]ital equipment must be located only within vital areas, which must be located within a protected area so that access to vital equipment requires passage through at least two physical barriers, except as otherwise approved by the Commission and identified in the security plans." The applicant established vital areas within the scope of the NuScale standard plant based on the safety-related systems and components identified on the vital equipment list and other areas required by 10 CFR 73.55(e)(9) to designate the main control room (MCR), central alarm station (CAS), spent fuel pool, and secondary power supply as vital areas. TR-0416-48929, Section 4.10, Design Element No. 10, addresses the specific areas that are designated vital, which are shown in TR-0416-48929, Section 7.

The applicant identified the vital areas that consist of the nuclear island and structures. Given the diverse locations of equipment that are considered vital, the applicant established certain building perimeters that enclose the vital equipment as boundaries of the vital areas. The applicant indicated that the designs and configurations of vital areas restrict access and limit access pathways, which facilitate the implementation of security for unauthorized access. The figures in TR-0416-48929, Section 7.1 through Section 7.9, show the specific boundaries of a structure that form the vital areas within the nuclear island and structures. The figures also show the exterior boundaries of the plant structures that form vital areas. The detailed boundaries of the vital areas are identified as SGI and are protected in accordance with the requirements of 10 CFR 73.21. The figures in TR-0416-48929, Section 7, show the specific boundaries of the spent fuel pool that form the vital area.

TR-0416-48929 establishes design requirements for PSS that are standard for the protection of vital areas. TR-0416-48929, Section 3 describes the design of the NuScale Power Plant, which incorporates fewer, simpler, and passive SSCs that reduce reliance on operator actions and electrical power and provide an additional source of coolant for the safety of reactor operations (e.g., based on the analysis of design-basis accidents). TR-0416-48929, Section 4, Design Element Responses, describes the designs of PSS for the vital area portal detection system, interior assessment and monitoring, the vital area access control system, and the alarm system associated with the protection of the vital areas. Specifically, TR-0416-48929, Section 4.1; Section 4.2, Design Element No. 2; and Section 4.9, Design Element No. 9, describe the design requirements for systems and components that provide access control, locking, and intrusion detection; assessment; communications; and emergency egress for the vital areas.

The design descriptions include the system interfaces with security alarm stations necessary for the redundant intrusion detection alarm indications and assessment of alarms and physical barriers to address unauthorized access. TR-0416-48929, Section 4.6, Design Element No. 6, addresses the design of security systems for securing, monitoring, detecting intrusion, and controlling access of vital area barrier system openings.

TR-0416-48929, Section 3, describes the design of system logic sequences for initiating alarm conditions and the supervision and monitoring of alarm signal integrity and system normal and trouble conditions, such as tampering, loss of or degraded signals, or a short in the system signal circuits for detecting the loss of system functions or abnormal system functions, as discussed under the alarm station design and in TR-0416-48929, Section 4.16, Design Element No. 16.

The design descriptions specify the minimum duration and establish the configurations of secondary power supply designed for the continuity of security functions. The applicant also established design requirements for interfaces between the access control system and locking devices in the event of a loss of both primary and secondary power and identified the design requirements for protecting control and power wiring against physical tampering.

TR-0416-48929, Figure 25, Security Power One Line Diagram, and Figure 26, Simplified Security System Interconnection Diagram, show the configurations for the design of the primary and secondary power supply for performing security functions, vital entry controls, and alarms with intrusion detection systems that annunciate at alarm stations to comply with regulatory requirements. The vital area physical boundaries are spatially separated from the PA boundary.

TR-0416-48929, Section 7, provides the vital area boundaries.

The staff made the following findings:

The applicant identified and designated vital areas to include vital equipment listed in TR-0416-48929, Section 4.8, and established that no vital equipment within the scope of the NuScale standard design is located outside of areas designated as vital. TR-0416-48929 documents the results of the applicant's evaluation and identification of vital equipment and vital areas for the NuScale standard design. DCA Part 2, Tier 2, Section 13.6, incorporates TR-0416-48929 by reference.

The applicant has adequately described the design bases for physical barriers for the nuclear island and structures that have been designated as vital areas to address one of two barriers in accordance with 10 CFR 73.55(e)(9)(i), which requires that access to vital equipment must have passage through at least two physical barriers. The other barrier is the PA barrier, which is not within the scope of the NuScale DCA and would be addressed by a COL applicant referencing the NuScale standard design, as discussed in TR-0416-48929.

The applicant has adequately described the design of physical barriers to control access to the vital areas within the scope of the DCA and satisfied the requirements of 10 CFR 73.55(e)(1). The design provided the control and delay of access necessary to facilitate the implementation of security responses.

The applicant has identified the areas designated as vital for the NuScale standard design in TR-0416-48929. The NuScale standard design vital areas consist of the nuclear island and structures. The applicant adequately addressed the requirements of 10 CFR 73.55(e)(9)(v) by designating vital areas that enclose identified vital equipment and the MCR, CAS, and spent fuel pool.

Security Computer Design Requirements

TR-0416-48929 provides systems functional diagrams showing the design interfaces of security computer systems with subsystems for performing redundant intrusion detection and assessment, access controls, and the interfaces between alarm stations. The design diagram addressing the capabilities of the systems for data communication and interfaces with subsystems and components is shown in TR-0416-48929, Figure 25, Simplified Security System Interconnection Diagram.

The security computer systems support the plant security functions by continuous access control, monitoring of doors, and the prompt reporting and permanent recording of all alarm points and system conditions (e.g., intrusions, tampers, and trouble conditions). The security computers are located within vital areas, and access is controlled. TR-0416-48929, Figure 26, shows the redundant security computers, which are spatially separated and independently powered by diverse security power subsystems; each one is independently capable of providing the required security functions. The security computer systems network is isolated and does not connect to any other plant system, computer, or data network. The CAS workstation and monitors are used to display the area of the originating alarm.

The security computer systems will be capable of data communications using the dedicated network. The computers, graphic displays, closed-circuit television system (CCTV) servers, and digital video recording systems are connected to the network. The network configuration allows communication between devices to provide information to the alarm station operators.

TR-0416-48929, Figure 26, shows the functional diagram for the design of the security computer systems network. The figure shows how the network will be configured and how the backbone and infrastructure will accommodate the security devices. The remote field devices, such as intrusion detectors, CCTV, door card readers, and security alarming devices, are connected to the network and will be supplied by the COL applicant to complete the total integrated security systems. The security circuits are supervised and tamper indicating for indication of system conditions and operability.

The computer systems that process the inputs from remote field components to generate alarm indications from the intrusion detection system are on a dedicated network that is redundant and independent from other network systems. TR-0416-48929, Section 7, Figure 26, requires the designs for the systems to be independent and redundant of each other such that input from field devices and components is transmitted to allow both alarm stations to receive, process, and display the same information. The configuration provides continuity of security functions if either system has a malfunction.

The computer systems are also designed such that an alarm station operator cannot change the status of a detection point or deactivate a locking control device at a PA or vital area portal without the knowledge and concurrence of the alarm station operator in the other alarm station.
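A minimal model of the two-station concurrence rule and mirrored event delivery described above, added here as an illustration and not taken from TR-0416-48929 or the applicant's design. The point names, the 60-second request expiry, the SAS abbreviation, and all class and method names are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
import itertools


class Station(Enum):
    CAS = "central alarm station"
    SAS = "secondary alarm station"


@dataclass
class Request:
    req_id: int
    point: str            # hypothetical point name, e.g. "VA-PORTAL-03/lock"
    new_state: str        # e.g. "unlocked", "bypassed"
    requested_by: Station
    requested_at: float   # seconds, supplied by the caller


class SecurityController:
    """Applies a state change only after the *other* alarm station concurs."""

    def __init__(self, points, ttl_seconds=60.0):
        self.state = dict(points)   # current state of each point
        self.ttl = ttl_seconds      # assumed expiry for unanswered requests
        self.pending = {}
        self._ids = itertools.count(1)
        # One independent log per station; every event is written to both,
        # so each station receives and can display the same information.
        self.logs = {station: [] for station in Station}

    def _record(self, *event):
        for log in self.logs.values():
            log.append(event)

    def report_alarm(self, point, condition):
        """Alarms and trouble conditions need no concurrence; both stations see them."""
        self._record("ALARM", point, condition)

    def request_change(self, station, point, new_state, now):
        """Queue a change. Nothing is applied yet; the other station is informed."""
        if point not in self.state:
            self._record("REJECTED_UNKNOWN_POINT", point, station.name)
            return None
        req = Request(next(self._ids), point, new_state, station, now)
        self.pending[req.req_id] = req
        self._record("REQUESTED", req.req_id, point, new_state, station.name)
        return req.req_id

    def concur(self, station, req_id, now):
        """Concurrence from the other station applies the change; anything else does not."""
        req = self.pending.get(req_id)
        if req is None:
            return "unknown-request"
        if station is req.requested_by:
            # An operator cannot approve their own request; it stays pending.
            self._record("REJECTED_SAME_STATION", req_id, station.name)
            return "rejected-same-station"
        del self.pending[req_id]
        if now - req.requested_at > self.ttl:
            self._record("EXPIRED", req_id, req.point)
            return "expired"
        self.state[req.point] = req.new_state
        self._record("APPLIED", req_id, req.point, req.new_state, station.name)
        return "applied"


def demo():
    """Constructed scenario: one self-approval attempt, one valid concurrence, one expiry."""
    ctl = SecurityController({"VA-PORTAL-03/lock": "locked", "IDS-ZONE-07": "armed"})
    rid = ctl.request_change(Station.CAS, "VA-PORTAL-03/lock", "unlocked", now=0.0)
    results = [ctl.concur(Station.CAS, rid, now=1.0),
               ctl.concur(Station.SAS, rid, now=5.0)]
    rid = ctl.request_change(Station.SAS, "IDS-ZONE-07", "bypassed", now=10.0)
    results.append(ctl.concur(Station.CAS, rid, now=100.0))
    ctl.report_alarm("IDS-ZONE-07", "tamper")
    return ctl, results


if __name__ == "__main__":
    controller, outcomes = demo()
    print(outcomes)
    for entry in controller.logs[Station.SAS]:
        print(entry)
```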

All wiring that connects the computer systems with remote access control components (e.g., card readers, controllers) and with other security subsystems (e.g., perimeter intrusion detection) is configured as electronically supervised circuits. The primary and secondary cables between the alarm stations and controllers are separated to prevent simultaneous damage caused by a sabotage attempt or any unintended actions.

The security computer systems also interface with the CCTV. The functions of the CCTV system include operating cameras that provide visual monitoring of the area with an alarm in the event that the intrusion detection system actuates and that allow assessment of the area with an alarm.

Personnel access for the NuScale plant is controlled by a computer-based automatic access control system. The computer for the access control system will also interface with security subsystems, such as intrusion detection and CCTV images. The access control system permits entry only to those persons authorized to enter specific areas at the access point into the PA, buildings, and vital areas. Access point activities (including open or close door status, alarm indications, and attempts at unauthorized entry) are recorded. For continuity of access control functions, the system provides for automatic switchover to uninterrupted power supply and secondary power in the event that primary power is interrupted.

In TR-0416-48929, Section 4.2, the applicant indicated that the COL applicant is responsible for providing vendor-specific design descriptions for the assessment system. The applicant indicated that the cameras and locations depicted in the figures in Section 7 are recommendations to a COL applicant to support the use of assessment technology for performing security functions, which would consider the plant lighting system for illumination to address the site-specific conditions in accordance with 10 CFR 73.55(b)(4).

The COL applicant that references the certified NuScale design must establish and describe how it will meet the requirements of 10 CFR 73.54. RG 5.71, Cyber Security Programs for Nuclear Facilities, provides acceptable methods and approaches for developing and establishing a cybersecurity program and submitting a cybersecurity plan to satisfy the requirement of 10 CFR 52.79(a)(36)(iii). The need for this information is addressed by COL Item 13.6-3 and TR-0416-48929, Table 5-1.

The staff made the following findings:

The applicant adequately described the design of independent and redundant security computer systems and interfaces that support redundancy for the alarm station security functions of intrusion detection, assessment, and access control.

The COL applicant that references the NuScale certified design is responsible for meeting the requirements of 10 CFR 73.54 for a cybersecurity program that protects digital computers and communication systems and networks.

The determination and finding on whether the applicant has met the requirements of 10 CFR 73.54 for a cybersecurity program are beyond the scope of the DCA. The NRC will evaluate compliance with the regulatory requirements for an adequate cybersecurity program as part of the review of a COL or an operating license application.

Design for Physical Barriers

Vital Area and Security Delay Barriers

Figure 1.2-1, Conceptual Site Layout, and Figure 1.2-2, NuScale Functional Boundaries, in DCA Part 2, Tier 1, Section 1.2.1, Principle Site Characteristics, show the separation from a PA boundary that a COL applicant will establish to comply with the requirements of 10 CFR 73.55(e)(8). The physical barriers for the PA perimeter and the vital area barriers and access controls delay an unauthorized person's access to a vital area and allow security responders to interdict the unauthorized person before he or she can reach a vital area boundary and delay his or her access into a vital area. TR-0416-48929 (i.e., Figures 7 and 10) show the vital area boundaries as distinct from a PA physical barrier.

The applicant described the design of the PSS provided to protect the access to vital areas. Specifically, TR-0416-48929 describes the design requirements for the protection of unoccupied vital areas, establishment of vital area physical barriers and separation from the PA, protection of penetrations through vital area physical barriers, minimization of entry points, hardening of vital area portal egress, control of access to vital areas, and detection and assessment of unauthorized access or intrusion for security response.

Section 3 of TR-0416-48929 describes the design and construction of vital area barriers, the vital area access control system, and alarm station design (bullet resistant). The configurations of vital area boundaries are described in Sections 4.2, 4.3, 4.6, 4.7, 4.14, and 7 (Figures 1-10).

The descriptions of the minimum construction design requirements for walls, floors, and ceilings to establish physical barriers that enclose the designated vital areas, the MCR, and the CAS to satisfy bullet-resisting requirements are described in Sections 4.1-4.4, 4.7, 4.9, 7.21, 7.23, and 7.24 (Figures 23 and 24). In addition, the descriptions of the design and construction requirements for the vital area barriers include the boundaries that enclose the spent fuel pool, as required by 10 CFR 73.55(e)(9). TR-0416-48929, Section 4.10, describes the identification of the walls, floor, and roof that form the boundaries enclosing the spent fuel pool, which is designated as vital in accordance with 10 CFR 75.55(e)(9)(v) and (9)(vi).

In TR-0416-48929, Section 3, Item 14, the applicant described physical barriers within the reactor building (RXB) or control building to delay the DBT adversary. The applicant identified preliminary locations for such barriers in TR-0416-48929, Section 4.4, and drawings (Figure 27, Simplified Drawing of HVAC Barrier, and Figure 28, Simplified Drawing of Mall Gate) on recommended typical design of physical barriers. The applicant indicated that final delay credited for physical barriers, including access and exit barriers, will be the COL applicant's responsibility. The COL applicant's protective strategy must account for site-specific conditions, in accordance with 10 CFR 73.55(b)(4), for the design of a physical protection system that protects against the DBT for radiological sabotage.

TR-0416-48929, Section 4.7, describes the minimum design requirements of the walls, floor, and ceiling needed for meeting the function of bullet-resisting barriers. The design descriptions include the requirement for doors to meet Underwriters Laboratories (UL) 752, Standard for Bullet-Resisting Equipment, which is an acceptable standard for meeting NRC requirements as discussed in SRP Section 13.6.2. The design requirements include the protection of openings, such as for heating, ventilation, and air conditioning (HVAC), that penetrate the vital area barriers. TR-0416-48929, Figures 23 and 24, describe the barriers for protecting the CAS and typical protection for HVAC penetrations through the vital area barriers. The design for HVAC penetration openings requires the installation of barriers that allow airflow but do not allow the passage of a person. The physical barriers installed for HVAC penetrations are to restrict access and provide a security delay against forced entry.

TR-0416-48929, Sections 3.0, 4.2, 4.3, 4.4, 4.5, 4.6, 4.8, 4.9, 4.13, 4.14, 4.19, and 4.21, provide additional design descriptions for the protection of penetrations through the vital area physical barriers. Engineered systems or features that provide delay, denial, control, detection, and monitoring functions for unauthorized access must protect all openings that exceed a standard opening that is too small for the passage of an individual. TR-0416-48929, Section 7, shows the typical configuration of a vital area door with locking and alarming capabilities.

TR-0416-48929, Figures 21, 23, and 24, show the locations for installations of bullet-resistant doors. The penetrations of HVAC ducts, cable trays, ventilation fans, and other such features are protected to ensure that the integrity of the vital area barrier is not decreased and that the penetrations do not allow for the passage of a person. TR-0416-48929, Section 7.26, Figure 26, shows the design configurations of vital area access controls, locks, and alarms for PSS that are included in the NuScale standard design.

The applicant indicated that barriers that protect penetrations through the vital area barriers will provide for a delay similar to that afforded by the adjacent portion of the vital area barriers or will otherwise provide the delay needed, and these barriers will comply with the regulatory requirements for a security barrier in 10 CFR 73.2. The security design features include hardened doors that delay forced entry and resist mechanical and explosive breaching to allow for security responses. TR-0416-48929, Figures 5-8, Figure 10, Figures 15-18, and Figures 20-21, show locations and doors that will be designed to delay unauthorized entries into designated vital areas and to control access to vital equipment.

TR-0416-48929, Sections 4.6, 4.7, and 4.9, describe the design and construction requirements for delay to forced entry and locking mechanisms to secure vital area portals for ingress and egress. The design includes locking devices that allow for rapid egress during an emergency. UL-listed exit devices or panic and locking hardware account for normal and emergency operations and functions in the event of a loss of power. TR-0416-48929 also describes the design for hardened openings.

The system functional diagrams in TR-0416-48929, Figure 26, show the design for the access control system, access control unit, door control, intrusion detection components, and network management systems for vital areas. The design provides redundant systems for access control functions at alarm stations. Similarly, the design details of the intrusion detection and assessment systems show and establish the designed redundancy and separation of systems that provide intrusion detection and assessment functions.

The staff made the following findings:

The applicant has adequately described the design bases for the physical barriers of the nuclear island and structures that are within the scope of the NuScale standard design to meet 10 CFR 73.55(e). A COL applicant that references the NuScale design will analyze site-specific conditions and describe the integration and design of additional physical barriers for meeting the requirements of 10 CFR 73.55(e), including sufficient delay to support the required security response time.

The applicant adequately described the design and performance requirements of physical barriers for the nuclear island and structures that have been designated as vital areas and adequately addressed one of two physical barriers required for access to vital equipment in accordance with 10 CFR 73.55(e)(9)(i).

The applicant adequately addressed the requirements of 10 CFR 73.55(e)(9)(ii) by providing a standard design that protects all vital area access points and vital area emergency exits with intrusion detection equipment and locking devices that satisfy the vital area entry control requirements and meet the requirement in 10 CFR 73.55(e)(9)(iii) that unoccupied vital areas must be locked and alarmed.

The applicant adequately described the design and performance requirements of the PSS for access control. Specifically, the applicant's design addresses the requirements of 10 CFR 73.55(g) as they pertain to access to the nuclear island and structures of the NuScale Power Plant. The PSS design includes access control systems that meet the requirements of 10 CFR 73.55(g)(1)(i)(A) and (i)(B) at the vital area boundaries for the control of personnel, protection of openings with physical barriers with locking devices to delay access, inclusion of intrusion detection systems to detect unauthorized access, and provision of equipment to assess physical conditions of designated vital areas.

The applicant adequately described the design and performance of PSS that provide capabilities for surveillance, observations, and monitoring in accordance with the requirements of 10 CFR 73.55(i)(5). The design also addressed the control of unattended openings by providing physical barriers and intrusion detection systems in accordance with 10 CFR 73.55(i)(5)(iii).

The applicant has adequately considered the applicable requirements in 10 CFR 73.55 for the design of PSS within the scope of the NuScale DCA to comply with the requirements of 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants, for design certification. The staff concluded that the applicant has designated vital area boundaries, as indicated in TR-0416-48929, and established that vital equipment identified for the NuScale standard design will be located within vital areas in accordance with the requirements of 10 CFR 73.55(e)(9)(i).

The applicant has adequately met the prescriptive requirements in the 10 CFR 73.2 definition for physical barrier by providing the design of PSS or by crediting building structural systems that satisfy the requirement for using brick, cinder block, concrete, steel, or comparable material for the construction of walls, ceilings, and floors. (The openings in such structures are secured by grates, doors, or covers of construction and fastening with sufficient strength such that any opening will not lessen the integrity of the structures.) The staff determined that the 10 CFR 73.2 prescriptive requirements for physical barriers related to site-specific designs for fence construction do not apply to the physical barrier systems described for the nuclear island and structures within the scope of the DCA. The COL applicant will address and satisfy the requirements for site-specific physical barriers.

Bullet-Resistant Barriers

In TR-0416-48929, the applicant described the minimum construction standards for the walls, floors, and ceilings of the MCR and CAS and the exterior and interior boundaries of buildings that have been designated as physical barriers that enclose vital areas. The applicant included design information for protecting openings and penetrations through vital area barriers, as previously discussed in this SER.

In its response to RAI 8998, Question 13.06-02-7b, dated December 8, 2018 (ADAMS Accession No. ML17345A513), the applicant indicated that the thickness of reinforced concrete for the bullet-resisting design basis relies on guidance in U.S. Department of Defense (DoD) Uniform Facility Code (UFC) 4-023-08, Design to Resist Direct Fire Weapon Effects, issued July 2008, to determine the minimum thickness needed to meet the UL 752 standard and establish a conservative thickness of reinforced concrete. The structural design for walls, floors, and ceilings consists of varying thicknesses of reinforced concrete that exceed the minimum thickness required for structures, walls, and locations of doors needed to meet bullet-resistance requirements. The walls, floors, and ceilings of the CAS are of a thickness beyond that chosen as a baseline minimum required for resisting bullets, and the as-built structure would provide additional design margin in the construction of the physical barriers.

The buildings that house the CAS and are designated as a vital area will be constructed and installed with access controls and protection of openings and penetrations to meet vital area and bullet-resistance requirements. The areas that contain the alarm station will also be designated as vital areas and will meet the appropriate vital area requirements. The applicant indicated that the design of the last access control location is outside the scope of the NuScale standard design and will be specified by the COL applicant, and that the COL information will include the construction requirements for bullet-resisting physical barriers.

The applicant indicated that the MCR and CAS walls, floors, ceilings, doors, and windows are designed and will be constructed to meet a minimum bullet resistance to a UL level, as shown in TR-0416-48929, Figures 10, 21, 23, and 24. TR-0416-48929, Section 4.7, provides the design requirements for the construction of doors to provide a minimum UL 752 standard for bullet resistance. The applicant indicated that the walls, floors, and ceilings of the MCR have a minimum thickness of reinforced concrete that is credited to meet the physical protection requirement for a bullet-resistant barrier. The thickness of concrete exceeds the bullet-resistance requirements of the UL 752 standard. Any doors on the MCR boundary will be bullet resisting to the minimum of the UL 752 standard. The windows on doors that lead into the MCR will be bullet resistant.

The staff finds that the applicant has adequately described the design for the MCR and CAS to meet the requirements of 10 CFR 73.55(e)(5). The design provides protection for the MCR and CAS with a bullet-resistant enclosure by crediting structural elements of the NuScale standard power plant and providing hardened doors and engineered barriers for protecting openings and penetrations of the bullet-resistant enclosure. The design of the last access control to the PA is outside the scope of the DCA.

Vital Area Doors

TR-0416-48929, Section 7, Figures 5-22, establish door schedules for the design and locations of doors with card reader access, lock, and alarm. The figures in TR-0416-48929, Section 7, show the typical vital area access control doors and the design configuration for the installation of intrusion detection, access control, locking, and other design features for securing vital areas.

To provide delay and access control, exterior doors have a delay capability equivalent to the delay capability credited for the structure walls. The remaining exterior doors are hardened to provide resistance to penetrations with delay control as stated in TR-0416-48929.

The design descriptions in TR-0416-48929, Section 4.9, address requirements to provide exit devices on vital area egress doors that require emergency egress capability. Section 4.9 describes these devices and their operation. Utility penetrations, such as HVAC ducts and other piping, will be equipped with barriers hardened with construction material that delays unauthorized access.

The staff finds that the applicant's description of the design bases for physical barriers, as detailed in TR-0416-48929, adequately addresses the requirements of 10 CFR 73.55(e)(4) by providing the design of physical barrier systems that secure openings or penetrations into the structural boundaries of the nuclear island and structures.

Vehicle Barrier System

The construction and installation of the VBS are to be addressed by the COL applicant. However, in TR-0416-48929, Section 4.11, Design Element No. 11, the applicant established and showed the bounding MSSD for protecting the nuclear island and structures, including the CAS, from the maximum DBT vehicle-borne explosive. Table 4-1, Minimum Standoff Distances, in TR-0416-48929 shows the required MSSDs for the construction and installation of a continuous VBS, along with results for the required minimum standard of distance for the CAS and the protection of physical security SSCs and personnel that must be met for a bounding MSSD.

TR-0416-48929, Section 4.11, indicates that the VBS must be located at least the bounding MSSD from the nearest external surface of any vital areas. The distance required is based on methods or approaches referenced in NUREG/CR-6190, Protection against Malevolent Use of Vehicles at Nuclear Power Plants, dated March 27, 2003. The applicant applied DoD methods and guidance for predicting blast effects and structural responses to assess and evaluate the various distances that would be safe for SSCs for the safety of nuclear plant operations and personnel. They included DoD UFC 3-040-01, Design and Analysis of Hardened Structures to Conventional Weapons Effects; UFC 3-340-02, Structures to Resist the Effect of Accidental Explosion; and U.S. Army Corps of Engineers Protective Design Center TR-06-08, Single Degree Freedom Structural Response Limits for Antiterrorism Design, Department of Defense Single Degree of Freedom Blast Design Spreadsheet (SBEDS), BlastXFast Running Model for Airblast Prediction Involving Internal and External Detonations, In Structure Shock (ISS) 3D, and LS-Dyna Finite Element Analysis Software.

The staff conducted a licensing audit for the design of PSS described for the NuScale standard design on December 5-6, 2017. During the audit, the staff examined the assessment and engineering calculations supporting the results and conclusions in TR-0416-48929, Section 4.11. The staff concluded that the overall determinations of required MSSDs for the structures within the scope of the NuScale standard design were based on accepted methods, software, or guidance and that the results are reasonable. The staff noted that some of the MSSDs in TR-0416-48929, Revision 0, differed from the values in the supporting calculations; these discrepancies were corrected in Revision 1 of TR-0416-48929. Enclosure 1 to the NRC memorandum dated February 16, 2018 (ADAMS Accession No. ML18031A454), documents the results of the staff's audit.

In TR-0416-48929, Table 4-1, the applicant provided the minimum standoff distances analyzed for the RXB to protect against the DBT vehicle-borne explosive. The applicant's analysis did not include the determination of minimum standoff distances for the secondary alarm station, personnel in open or in nonhardened enclosures, and blast- and bullet-resistance enclosures, which are not included in the scope of the NuScale DCA.

In TR-0416-48929, Section 6, References, the applicant identified engineering calculations, analyses, assessments, or other references that provide the design and technical basis for the summary descriptions of designs, design bases, results, and conclusions in TR-0416-48929.

The staff finds that the applicant has adequately assessed and documented the required MSSDs for the NuScale nuclear island and structures based on a maximum quantity of explosives associated with the adversarial characteristics of the DBT. The applicant adequately established the design basis for a location of the VBS that would be sufficient to protect safety-related SSCs or loss of spent fuel pool cooling against the DBT vehicle-borne explosive threats.

Design Features Facilitating Security Response

The applicant did not include the design of PSS that facilitate security, such as hardened defensive fighting positions, in the scope of the NuScale standard design. Other than the PSS described above, the design of the fighting positions (e.g., locations, blast and bullet resistance, firing ports, material construction, fully or partially enclosed fighting positions to protect security personnel from attack, blast protection, environmental controls and protection, lighting, communications) and other features (e.g., delay, protection against hand-thrown explosives) for security responses to interdict or neutralize the DBT must be provided by the COL applicant.

The COL applicant will address these issues to meet the requirements of 10 CFR Part 73 for a COL.

13.6.5 Combined License Information Items

The staff reviewed the applicant's descriptions of COL information items that a COL applicant is directed to address if referencing the certified NuScale design. The applicant provided the following COL information items in DCA Part 2, Tier 2, Table 1.8-2, and in TR-0416-48929.

Table 13.6-1 NuScale COL Information Items related to Section 13.6

| Item No. | Description | DCA Part 2, Tier 2, Section |
|---|---|---|
| COL Item 13.6-1 | A COL Applicant that references the NuScale Power Plant design certification will provide the following: Security Plans (Physical Security, Security Training and Qualification, and Safeguards Contingency Plans); proposed site security provisions to be implemented during construction and as modules are completed and become operational of a new plant; portions of the physical security system not located within the nuclear island and structures. | 13.6 |
| COL Item 13.6-2 | A COL Applicant that references the NuScale Power Plant design certification will be responsible for the requirements described in Table 5-1 of TR-0416-48929, Rev 0 NuScale Design of Physical Security Systems. | 13.6 |
| COL Item 13.6-3 | A COL Applicant that references the NuScale Power Plant design certification will provide a secondary alarm station that is equal and redundant to the central alarm station. | 13.6 |
| COL Item 13.6-4 | A COL Applicant that references the NuScale Power Plant design certification will provide Inspections, Tests, Analyses, and Acceptance Criteria for site specific physical security SSCs. | 13.6 |
| COL Item 13.6-5 | A COL Applicant that references the NuScale Power Plant design certification will provide a description of the Access Authorization Program. | 13.6 |
| COL Item 13.6-6 | A COL Applicant that references the NuScale Power Plant design certification will provide a Cyber Security Plan. | 13.6 |
| COL Item 9.5-2 | A COL applicant that references the NuScale Power Plant design certification will determine the location for the security power equipment within a vital area in accordance with 10 CFR 73.55(e)(9)(vii)(B). | 9.5 |
| COL Item 13.4-1 | A COL applicant that references the NuScale Power Plant design certification will provide site-specific information, including implementing schedule, for operations program: Security (refer to Section 13.6) | 13.4 |
| COL Item 13.5-3 | A COL applicant that references the NuScale Power Plant design certification will describe the site-specific maintenance and other operating procedures, including how these procedures are classified, and the general format and content of the different classifications. The categories of procedures listed below should be included: Plant security procedures | 13.5 |
| COL Item 13.7-1 | A COL applicant that references the NuScale Power Plant design certification will provide a description of the applicant's 10 CFR 26 compliant fitness-for-duty (FFD) program for operations. | 13.7 |
| COL Item 13.7-2 | A COL applicant that references the NuScale Power Plant design certification will provide a description of the applicant's 10 CFR 26 compliant fitness-for-duty (FFD) program for construction. | 13.7 |

TR-0416-48929, Section 5, Summary and Conclusions, states that the COL applicant will be responsible for addressing site-specific conditions (e.g., programs, personnel, plans, procedures) and design element details that are not addressed in the NuScale standard design, based on the guidance of SRP Section 13.6.2 (i.e., Criterion 3(A) and 3(B)).

TR-0416-48929, Table 5-1, identifies the following site-specific details for the design and configuration of the PSS that the COL applicant that references the certified NuScale Power Plant design will address as COL information:

Provide the location and design details for the secondary alarm station.

Provide design details for physical barriers located outside the nuclear island and structures.

Provide design details for isolation zones, associated intrusion detection monitoring equipment, and areas of the PA perimeter without isolation zones.

Provide vehicle barrier design details.

Provide design details for the exterior personnel, vehicles, and material access control portals.

Provide design details for the secondary alarm station and the main security building.

Provide design details for, and placement of, the communication system secondary power supply.

Provide design details for, and placement of, the secondary security power supply.

Ensure that the site-specific characteristics are bounded by the NuScale-calculated minimum standoff distances and ensure the survivability of the security alarm station.

Ensure that the site-specific physical security design is bounded by the NuScale blast analysis.

Ensure that the CAS and secondary alarm station are designed and equipped in accordance with the DBT of radiological sabotage such that no single act can simultaneously remove the ability of both alarm stations to (1) detect and assess alarms, (2) initiate and coordinate an adequate response to alarms, (3) summon offsite assistance, and (4) provide effective command and control.

Design the secondary alarm station such that the CAS and the secondary alarm station are functionally redundant.

Ensure that the alarm system design does not allow a change in the status of a detection point, locking mechanism, or access control device without the knowledge and concurrence of the alarm station operator in the other alarm station.

Provide design details for specific security illumination for the isolation zone and accessible external PAs.

Provide design details for the communication equipment in the secondary alarm station.

Describe the independent security power sources that consist of fully charged uninterrupted power supply batteries, inline generators, or other power sources.

TR-0416-48929, Table 5-1, also identifies the following commitments related to the security operational program that a COL applicant must complete to establish elements of a physical security program:

Establish, maintain, and implement a standalone insider mitigation program.

Establish, maintain, and implement a site-specific cybersecurity plan.

Establish and implement an access authorization system/program with a numbered photograph identification badge system for controlling access to PAs and vital areas.

Develop and implement a comprehensive site-specific physical security program description for PSS.

Test intrusion detection and assessment equipment to ensure that the requirements of 10 CFR 73.55(i)(3)(i) through 10 CFR 73.55(i)(3)(v) are met before declaring that the systems are operable.

Test intrusion detection systems to ensure the recordkeeping capability meets the requirements of 10 CFR 73.55(i)(4)(ii)(h) and 10 CFR 73.70(f) before declaring that the intrusion recording system is operable.

Select the appropriate vendor's alarm station design.

The staff finds the COL information items listed in Table 13.6-1 to be complete. In addition to information already captured in DCA Part 2, Tier 2, the COL application must provide information showing compliance with applicable requirements (i.e., for a security plan, access authorization program, and cybersecurity plan), including addressing the COL information items described above.

13.6.6 Conclusion

The staff concludes that the applicant has considered and provided design information for PSS within the scope of the DCA to facilitate the implementation of a physical protection program to protect against potential acts of radiological sabotage. Within the scope of the standard design, the design information provided satisfies the applicable parts of 10 CFR 73.55. Also, the staff concludes that the applicant has adequately identified the responsibilities of the COL applicant with respect to physical security.

13.7 FITNESS FOR DUTY

In 10 CFR Part 26, Fitness for Duty Programs, the NRC prescribes requirements and standards for the establishment, implementation, and maintenance of FFD programs (73 FR 17176; March 31, 2008). In 10 CFR 26.3, Scope, the NRC states, in part, that holders of a COL under 10 CFR Part 52 shall implement the FFD program during construction and operation. Whether the COL holder is constructing the plant, has received special nuclear material on site, or is operating the plant will determine the FFD requirements that it must implement. In addition, an applicant for a COL who has been issued a limited work authorization under 10 CFR 50.10(e) must implement an FFD program if the limited work authorization permits the applicant to install the foundations for safety- and security-related SSCs. Under 10 CFR 52.79(a)(44), COL applications must contain "[a] description of the fitness-for-duty program required by 10 CFR Part 26 and its implementation."

DCA Part 2, Tier 2, Table 1.8-2, provides COL Items 13.7-1 and 13.7-2, included in Table 13.6-1 above, for a COL applicant that references the certified NuScale Power Plant design.

DCA Part 2, Tier 2, Section 13.7.1, Combined License Information, restates the COL item and descriptions from DCA Part 2, Tier 2, Table 1.8-2. The staff agrees that the FFD program is the COL applicant's responsibility. The staff finds that COL Items 13.7-1 and 13.7-2 adequately describe actions necessary for the COL applicant to address the regulatory requirements for an FFD program, and no additional COL items need to be included in DCA Part 2, Tier 2, Table 1.8-2, for FFD consideration.